article.xml (98180) article.xml (98515)
1<articleinfo>
2 <title>&os;/&arch; &release.current; Release Notes</title>
3
4 <corpauthor>The FreeBSD Project</corpauthor>
5
1<articleinfo>
2 <title>&os;/&arch; &release.current; Release Notes</title>
3
4 <corpauthor>The FreeBSD Project</corpauthor>
5
6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 98180 2002-06-13 20:52:02Z bmah $</pubdate>
6 <pubdate>$FreeBSD: head/release/doc/en_US.ISO8859-1/relnotes/article.sgml 98515 2002-06-20 21:19:49Z bmah $</pubdate>
7
8 <copyright>
9 <year>2000</year>
10 <year>2001</year>
11 <year>2002</year>
12 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
13 </copyright>
14
15 <abstract>
16 <para>The release notes for &os; &release.current; contain a summary
7
8 <copyright>
9 <year>2000</year>
10 <year>2001</year>
11 <year>2002</year>
12 <holder role="mailto:doc@FreeBSD.org">The FreeBSD Documentation Project</holder>
13 </copyright>
14
15 <abstract>
16 <para>The release notes for &os; &release.current; contain a summary
17 of the changes made in the &os; base system since &release.prev;.
17 of
18<![ %include.historic; [
19 the changes made in the &os; base system since &release.prev;.
20]]>
21<![ %no.include.historic; [
22 recent changes made to the &os; base system on the &release.branch;
23 development branch.
24]]>
18 Both changes for kernel and userland are listed, as well as
19 applicable security advisories that were issued since the last
20 release. Some brief remarks on upgrading are also presented.</para>
21 </abstract>
22</articleinfo>
23
24<sect1>
25 <title>Introduction</title>
26
27 <para>This document contains the release notes for &os;
28 &release.current; on the &arch.print; hardware platform. It
25 Both changes for kernel and userland are listed, as well as
26 applicable security advisories that were issued since the last
27 release. Some brief remarks on upgrading are also presented.</para>
28 </abstract>
29</articleinfo>
30
31<sect1>
32 <title>Introduction</title>
33
34 <para>This document contains the release notes for &os;
35 &release.current; on the &arch.print; hardware platform. It
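Review bot: The abstract sentence at new lines 17-24 is only well-formed prose when exactly one of %include.historic; and %no.include.historic; is set to INCLUDE, and neither entity is declared in the lines shown. If both are IGNORE, the paragraph reads "a summary of Both changes for kernel and userland"; if both are INCLUDE, the two endings run together. Suggest declaring the pair next to each other with a comment that they must be complementary, so a build cannot select both or neither.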
29 describes new features of &os; that have been added (or changed)
30 since &release.prev;. It also provides some notes on upgrading
36 describes recently added, changed, or deleted features of &os;.
37 It also provides some notes on upgrading
31 from previous versions of &os;.</para>
32
33<![ %release.type.snapshot [
34
35 <para>The &release.type; distribution to which these release notes
36 apply represents a point along the &release.branch; development
37 branch between &release.prev; and the future &release.next;. Some
38 pre-built, binary &release.type; distributions along this branch
39 can be found at <ulink url="&release.url;"></ulink>.</para>
40
41]]>
42
43<![ %release.type.release [
44
45 <para>This distribution of &os; &release.current; is a
46 &release.type; distribution. It can be found at <ulink
47 url="&release.url;"></ulink> or any of its mirrors. More
48 information on obtaining this (or other) &release.type;
49 distributions of &os; can be found in the <ulink
50 url="http://www.FreeBSD.org/handbook/mirrors.html"><quote>Obtaining
51 FreeBSD</quote> appendix</ulink> to the <ulink
52 url="http://www.FreeBSD.org/handbook/">FreeBSD
53 Handbook</ulink>.</para>
54
55]]>
56</sect1>
57
58<sect1>
59 <title>What's New</title>
60
38 from previous versions of &os;.</para>
39
40<![ %release.type.snapshot [
41
42 <para>The &release.type; distribution to which these release notes
43 apply represents a point along the &release.branch; development
44 branch between &release.prev; and the future &release.next;. Some
45 pre-built, binary &release.type; distributions along this branch
46 can be found at <ulink url="&release.url;"></ulink>.</para>
47
48]]>
49
50<![ %release.type.release [
51
52 <para>This distribution of &os; &release.current; is a
53 &release.type; distribution. It can be found at <ulink
54 url="&release.url;"></ulink> or any of its mirrors. More
55 information on obtaining this (or other) &release.type;
56 distributions of &os; can be found in the <ulink
57 url="http://www.FreeBSD.org/handbook/mirrors.html"><quote>Obtaining
58 FreeBSD</quote> appendix</ulink> to the <ulink
59 url="http://www.FreeBSD.org/handbook/">FreeBSD
60 Handbook</ulink>.</para>
61
62]]>
63</sect1>
64
65<sect1>
66 <title>What's New</title>
67
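Review bot: New lines 36-37 drop the "since &release.prev;" baseline from the Introduction unconditionally, while the abstract keeps it under %include.historic; (new lines 18-20) and the What's New lead-in keeps it in both branches. A reader of the Introduction can no longer tell which release the notes are relative to. Suggest either restoring the baseline here under the same marked sections or wording the Introduction to match the non-historic abstract ("on the &release.branch; development branch").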
61 <para>This section describes the most user-visible new or changed
62 features in &os; since &release.prev;. Typical release note items
68 This section describes
69<![ %include.historic; [
70 the most user-visible new or changed features in &os;
71 since &release.prev;.
72 In general, changes described here are unique to the &release.branch;
73 branch unless specifically marked as &merged; features.
74]]>
75<![ %no.include.historic; [
76 many of the user-visible new or changed features in &os;
77 since &release.prev;. It includes items that are unique to the
78 &release.branch; branch, as well as some features that may have been
79 recently merged to
80 other branches (after &os; &release.prev.historic;). The later
81 items are marked as &merged;.
82]]>
83 </para>
84
85 <para>Typical release note items
63 document new drivers or hardware support, new commands or options,
86 document new drivers or hardware support, new commands or options,
64 major bugfixes, or contributed software upgrades. Security
65 advisories issued after &release.prev; are also listed. In
66 general, changes described here are unique to the &release.branch;
67 branch unless specifically marked as &merged; features.</para>
87 major bugfixes, or contributed software upgrades. Applicable security
88 advisories issued after &release.prev; are also listed.</para>
68
69 <para>Many additional changes were made to &os; that are not listed
70 here for lack of space. For example, documentation was corrected
71 and improved, minor bugs were fixed, insecure coding practices
72 were audited and corrected, and source code was cleaned up.</para>
73
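Review bot: New line 68 starts with "This section describes" and, as shown, has no opening <para>, although old line 61 had one and new line 83 still closes with </para>; please confirm the opening tag survived the edit, because an unmatched </para> will fail validation. Separately, at new lines 80-81 "The later items are marked as &merged;" should read "The latter items". Note also that the rule "unique to the &release.branch; branch unless specifically marked as &merged;" was removed from the shared paragraph (old lines 65-67) and now exists only inside the two marked sections, so both branches need to keep stating it.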
74 <sect2 id="kernel">
75 <title>Kernel Changes</title>
76
77 <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to
78 provide access to the system monitoring functions of the AMD 756
79 chipset. &merged;</para>
80
81 <para role="historic">The &man.agp.4; driver for AGP devices has been
82 added. &merged;</para>
83
84 <para>A new &man.ddb.4; command <command>show pcpu</command> lists
85 some of the per-CPU data.</para>
86
87 <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and
88 <command>dhwatch</command>, have been introduced. Analogous to
89 <command>watch</command> and <command>dwatch</command>, they
90 install hardware watchpoints (as opposed to software
91 watchpoints) if supported by the architecture. &merged;</para>
92
93 <para>&man.devfs.5;, which allows entries in the
94 <filename>/dev</filename> directory to be built automatically
95 and supports more flexible attachment of devices, has been
96 largely reworked. &man.devfs.5; is now enabled by default and
97 can be disabled by the <literal>NODEVFS</literal> kernel
98 option.</para>
99
100 <para>The dgm driver has been removed in favor of the digi driver.</para>
101
102 <para>A new digi driver has been added to support PCI Xr-based and
103 ISA Xem Digiboard cards. A new &man.digictl.8; program is
104 (mainly) used to re-initialize cards that have external port
105 modules attached such as the PC/Xem.</para>
106
107 <para>An &man.eaccess.2; system call has been added, similar to
108 &man.access.2; except that the former uses effective credentials
109 rather than real credentials.</para>
110
111 <para arch="sparc64">Support has been added for EBus-based
112 devices.</para>
113
114 <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA
115 (ICH) SMBus controller and compatibles has been
116 added. &merged;</para>
117
118 <para>Each &man.jail.2; environment can now run under its own
119 securelevel.</para>
120
121 <para>The tunable sysctl variables for &man.jail.2; have moved
122 from <varname>jail.*</varname> to the
123 <varname>security.*</varname> hierarchy. Other security-related
124 sysctl variables have moved from <varname>kern.security.*</varname> to
125 <varname>security.*</varname>.</para>
126
127 <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly
128 limits the number of vnodes in use. Previously only vnodes with
129 no cached pages could be freed; this could allow the number of
130 vnodes to grow without limit on large-memory machines accessing
131 many small files. A <literal>vnlru</literal> kernel thread
132 helps to flush and reuse vnodes. &merged;</para>
133
134 <para role="historic">The kernel message buffer is now accessible by the
135 (machine-independent) <varname>kern.msgbuf</varname> sysctl
136 variable; &man.dmesg.8; no longer needs to be SGID
137 <groupname>kmem</groupname>. &merged;</para>
138
139 <para>The kernel environment is now dynamic, and can be changed
140 via the new &man.kenv.2; system call.</para>
141
142 <para role="historic">The &man.kqueue.2; event notification facility was added to
143 the &os; kernel. This is a new interface which is able to
144 replace &man.poll.2;/&man.select.2;, offering improved
145 performance, as well as the ability to report many different
146 types of events. Support for monitoring changes in sockets,
147 pipes, fifos, and files are present, as well as for signals and
148 processes. &merged;</para>
149
150 <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option
151 can be used to reconfigure the size of the kernel virtual
152 address space. &merged;</para>
153
154 <para>The labpc(4) driver has been removed due to
155 <quote>bitrot</quote>.</para>
156
157 <para>The loader and kernel linker now look for files named
158 <filename>linker.hints</filename> in each directory with KLDs
159 for a module name and version to KLD filename mapping. The new
160 &man.kldxref.8; utility is used to generate these files.</para>
161
162 <para role="historic">Linux emulation now supports the kernel functionality
163 required by the
164 <filename role="package">emulators/linux_base</filename>
165 (RedHat 7.X emulation) port. &merged;</para>
166
167 <para role="historic">Linux emulation now requires <literal>options
168 SYSVSEM</literal> in the kernel configuration. &merged;</para>
169
170 <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control
171 security facility, has been added as a kernel module. It
172 provides a drop-in security mechanism in addition to the
173 traditional UID-based security facilities, requiring no
174 additional configuration from the administrator. Work on this
175 feature was sponsored by DARPA and NAI Labs.</para>
176
177 <para role="historic">The <varname>maxusers</varname> kernel configuration
178 parameter is now a boot-time tunable variable. The kernel
179 parameters derived from <varname>maxusers</varname> are now also
180 tunables and can be overridden at boot-time. The
181 <varname>hz</varname> parameter is also now a
182 tunable. &merged;</para>
183
184 <para role="historic">Specifying a value of <literal>0</literal> for the
185 <varname>maxusers</varname> kernel configuration parameter will
186 now cause an appropriate value to be calculated at boot-time
187 (between 32 and 384, depending on the amount of memory present).
188 This value is now the default for all
189 <filename>GENERIC</filename> kernels. &merged;</para>
190
191 <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option,
192 along with the <varname>hw.physmem</varname> loader tunable, can
193 be used to artificially reduce the memory size of a machine for
194 testing (or other purposes). &merged;</para>
195
196 <para role="historic">The kernel configuration parameters
197 <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>,
198 <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>,
199 <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are
200 all loader tunables (<varname>kern.maxtsiz</varname>,
201 <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para>
202
203 <para>&man.mutex.9; profiling code has been added, enabled by the
204 <literal>MUTEX_PROFILING</literal> kernel configuration option.
205 It enables the <varname>debug.mutex.prof.*</varname> hierarchy
206 of sysctl variables.</para>
207
208 <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>,
209 <literal>NAPIC</literal>, <literal>NBUS</literal>, and
210 <literal>NINTR</literal> kernel configuration options,
211 for configuring SMP kernels, have been removed.
212 <literal>NCPU</literal> is now set to a maximum of 16,
213 and the other, aforementioned options are now
214 dynamic. &merged;</para>
215
216 <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added.
217 &merged;</para>
218
219 <para role="historic">The <literal>O_DIRECT</literal> flag has been added to
220 &man.open.2; and &man.fcntl.2;. Specifying this flag for open
221 files will attempt to minimize the cache effects of reading and
222 writing. &merged;</para>
223
224 <para role="historic">An &man.orm.4; device has been added to claim the option
225 ROMs in the ISA memory I/O space, to prevent other drivers from
226 mistakenly assigning addresses that conflict with these
227 ROMs. &merged;</para>
228
229 <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has
230 been added.</para>
231
232 <para arch="pc98" role="historic">The pmc driver, which supports the power
233 management controller of the NEC PC-98NOTE, has been
234 added. &merged;</para>
235
236 <para role="historic">POSIX.1b Shared Memory Objects are now supported. The
237 implementation uses regular files, but automatically enables the
238 MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para>
239
240 <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a
241 single <literal>PQ_CACHESIZE</literal> option to be set to the
242 cache size in kilobytes. The old options are still supported
243 for backwards compatibility. &merged;</para>
244
245 <para arch="i386" role="historic">The &man.puc.4; (PCI <quote>Universal</quote>
246 Communications) driver has been added, to help connect PCI-based
247 serial ports to the &man.sio.4; driver. &merged;</para>
248
249 <para>The &man.random.4; device has been rewritten to use the
250 <application>Yarrow</application> algorithm. It harvests
251 entropy from a variety of interrupt sources, including the
252 console devices, Ethernet and point-to-point network interfaces,
253 and mass-storage devices. Entropy from the &man.random.4;
254 device is now periodically saved to files in
255 <filename>/var/db/entropy</filename>, as well as at shutdown
256 time. The semantics of <filename>/dev/random</filename> have
257 changed; it never blocks waiting for entropy bits but generates
258 a stream of pseudo-random data and now behaves exactly as
259 <filename>/dev/urandom</filename>.</para>
260
261 <para>A new kernel option, <literal>options REGRESSION</literal>,
262 enables interfaces and functionality intended for use during
263 correctness and regression testing.</para>
264
265 <para arch="sparc64">Support has been added for SBus-based
266 devices.</para>
267
268 <para arch="sparc64">The se driver, which supports the Siemens
269 SAB82532 serial chip found on many newer Sparc Ultra machines,
270 has been added.</para>
271
272 <para role="historic">The &man.snp.4; device is no longer static and can now be
273 compiled as a module. &merged;</para>
274
275 <para arch="i386" role="historic">The &man.spic.4; driver, which provides access
276 to the Jog Dial device on some Sony laptops, has been
277 added. &man.moused.8; support for this device has also been
278 added. &merged;</para>
279
280 <para>The &man.syscons.4; driver now supports keyboard-controlled
281 pasting, by default bound to
282 <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para>
283
284 <para role="historic">Support for USB devices was added to the
285 <filename>GENERIC</filename> kernel and to the installation
286 programs to support USB devices out of the box. Note that SRM
287 does not support USB devices at the moment, so you must still
288 use an AT keyboard if you are not using a serial
289 console. &merged;</para>
290
291 <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems
292 has been added. Support is provided for the 3Com 5605 and
293 Metricom Ricochet GS wireless USB modems. &merged;</para>
294
295 <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB
296 scanner support using SANE has been added. See <ulink
297 url="http://www.mostang.com/sane/">the SANE home page</ulink>
298 for supported scanners. The HP ScanJet 4100C, 5200C and 6300C
299 are known to be working. &merged;</para>
300
301 <para>The &man.ucom.4; device driver has been added, to support USB
302 modems, serial devices, and other programs that need to look
303 like a tty. The related &man.uplcom.4; and &man.uvscom.4; drivers provide specific
304 support for the Prolific PL-2303 serial adapter and the SUNTAC
305 Slipper U VS-10U, respectively.</para>
306
307 <para>To increase security, the <literal>UCONSOLE</literal> kernel
308 configuration option has been removed.</para>
309
310 <para arch="i386,pc98">The UserConfig boot-time kernel configuration
311 feature, usually used to enable, disable, or configure ISA
312 devices, has been removed. Its functionality has been replaced
313 by the kernel hints file in
314 <filename>/boot/device.hints</filename>.</para>
315
316 <para>The <literal>USER_LDT</literal> kernel option is now
317 activated by default.</para>
318
319 <para>A VESA S3 linear framebuffer driver has been added.</para>
320
321 <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus
322 power management controllers has been added. &merged;</para>
323
324 <!-- Above this line, sort kernel changes by manpage/keyword-->
325
326 <para role="historic">Write combining for crashdumps has been implemented. This
327 feature is useful when write caching is disabled on both SCSI
328 and IDE disks, where large memory dumps could take up to an hour
329 to complete. &merged;</para>
330
331 <para>The kernel crashdump infrastructure has been revised, to
332 support new platforms and in general clean up the logic in the
333 code. One implication of this change is that the on-disk format
334 for kernel dumps has changed, and is now
335 byte-order-agnostic.</para>
336
337 <para>Extremely large swap areas (&gt;67 GB) no longer panic the
338 system.</para>
339
340 <para arch="alpha">Support for threads under Linux emulation has
341 been added.</para>
342
343 <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the
344 name of the configuration(s) to build from the
345 <varname>KERNCONF</varname> variable, not
346 <varname>KERNEL</varname>. It is no longer required, in some
347 cases, for a <maketarget>buildworld</maketarget> to precede a
348 <maketarget>buildkernel</maketarget>. (The
349 <maketarget>buildworld</maketarget> is still required when
350 upgrading across major releases, across
351 <application>binutil</application> updates and when
352 &man.config.8; changes version.) &merged;</para>
353
354 <para role="historic">The out-of-swap process termination code now begins killing
355 processes earlier to avoid deadlocks; it now also takes into
356 account the swap space used by processes when computing the
357 process sizes. &merged;</para>
358
359 <para>Linker sets are now self-contained; gensetdefs(8) is
360 unnecessary and has been removed.</para>
361
362 <para role="historic">Network device cloning has been implemented, and the
363 &man.gif.4; device has been modified to take advantage of it.
364 Thus, instead of specifying how many &man.gif.4; interfaces are
365 available in kernel configuration files, &man.ifconfig.8;'s
366 <option>create</option> option should be used when another device
367 instance is desired. &merged;</para>
368
369 <para>It is now possible to hardwire kernel environment variables
370 (such as tuneables) at compile-time using &man.config.8;'s
371 <literal>ENV</literal> directive.</para>
372
373 <para>Idle zeroing of pages can be enabled with the
374 <varname>vm.idlezero_enable</varname> sysctl variable.</para>
375
376 <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported
377 to the symbol table and various hard-coded constants have been
378 removed so that utilities such as &man.ps.1; can work with
379 kernels compiled at different addresses. &merged;</para>
380
381 <para role="historic">Coredumps of large processes (or of a large number of
382 processes) no longer lock up the machine for long periods of
383 time. &merged;</para>
384
385 <para>The Kernel-Scheduled Entity project has made changes to the
386 kernel scheduler to more efficiently handle multi-threaded
387 programs.</para>
388
389 <para>The kernel now has support for multiple low-level console
390 devices. The new &man.conscontrol.8; utility helps to manage
391 the different consoles.</para>
392
393 <para arch="alpha">The console driver has gained support for
394 TGA-based display adapters.</para>
395
396 <para role="historic">The kernel on the installation CDs is now separated from the
397 <filename>mfsroot</filename> image. This permits the use of a
398 full kernel when installing from CD on machines that support CD
399 booting (instead of the stripped-down kernel used on
400 floppies). &merged;</para>
401
402 <para role="historic">The system load average computation now adds some jitter to
403 the timing of samples, in order to avoid synchronization with
404 processes that run periodically. &merged;</para>
405
406 <para role="historic">If a debugging kernel with modules is being built
407 (i.e. using <literal>makeoptions DEBUG=-g</literal>), the
408 modules will now be built with debugging support as well, for
409 completeness. A side effect of this change is that modules
410 built and installed with debugging kernels will now occupy more
411 space on disk than they did previously. &merged;</para>
412
413 <para role="historic">The kernel dump device can now be set via the
414 <varname>dumpdev</varname> loader tunable. As a result, it is
415 now possible to obtain crash dumps from panics during the late
416 stages of kernel initialization (before the system enters into
417 single-user mode). &merged;</para>
418
419 <para>The kernel memory allocator is now a slab memory allocator,
420 similar to that used in Solaris. This is a SMP-safe memory
421 allocator that has near-linear performance as the number of CPUs
422 increases. It also allows for reduced memory
423 fragmentation.</para>
424
425 <sect3>
426 <title>Processor/Motherboard Support</title>
427
428 <para>SMP support has been largely reworked, incorporating code
429 from BSD/OS 5.0. One of the main features of SMPng
430 (<quote>SMP Next Generation</quote>) is to allow more
431 processes to run in kernel, without the need for spin locks
432 that can dramatically reduce the efficiency of multiple
433 processors. Interrupt handlers now have contexts associated
434 with them that allow them to be blocked, which reduces the
435 need to lock out interrupts.</para>
436
437 <para arch="i386,pc98">Support for the 80386 processor has been
438 removed from the <filename>GENERIC</filename> kernel, as this
439 code seriously pessimizes performance on other IA32
440 processors.
441 The <literal>I386_CPU</literal> kernel option
442 to support the 80386 processor is now mutually exclusive with
443 support for other IA32 processors; this should slightly
444 improve performance on the 80386 due to the elimination of
445 runtime processor type checks.
446 Custom kernels that will run on the 80386 can
447 still be built by changing the cpu options in the kernel
448 configuration file to only include
449 <literal>I386_CPU</literal>.</para>
450
451 <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has
452 been tested and works OK. Currently it does not want to boot
453 from CD or floppy but a transplanted disk that was installed
454 on another Alpha works well. &merged;</para>
455
456 <para arch="alpha">The API UP1100 mainboard has been verified to
457 work.</para>
458
459 <para arch="alpha">The API CS20 1U high server has been verified
460 to work.</para>
461
462 <para arch="alpha">The DEC3000 series support has been removed
463 from the mfsroot floppy image so that it fits on a 1.44 Mbyte
464 floppy again. As the DEC3000 is currently only usable diskless
465 this should not cause any problems.</para>
466
467 <para arch="alpha">Support for AlphaServer 2100A
468 (<quote>Lynx</quote>) has been added.</para>
469
470 <para arch="alpha">Kernel code has been added that allows older
471 generation Alpha CPUs (EV4 and EV5) to emulate instructions of
472 the newer Alpha CPU generations. This enables the use of
473 binary-only programs like <application>Adobe Acrobat
474 4</application> on EV4 and EV5.</para>
475
476 <para arch="alpha">SMP support for the Alpha is now operational.</para>
477
478 <para arch="i386" role="historic">Detection for new processors, such as the
479 FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and
480 Transmeta Crusoe LongRun, has been added. &merged;</para>
481
482 <para arch="alpha">Support for the following hardware has been
483 removed from the installation kernel to make it fit on a
484 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine,
485 sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595),
486 pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS
487 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb
488 (Winbond W89C840F).</para>
489
490 <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym>
491 Extensions (<acronym>SSE</acronym>) has been introduced. The
492 <literal>CPU_ENABLE_SSE</literal> kernel option controls
493 whether support is compiled into the kernel. &merged;</para>
494
495 <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal>
496 kernel option has been added, which attempts to enable the SSE
497 feature bit on newer Athlon CPUs if the BIOS has forgotten to
498 enable it. &merged;</para>
499
500 <para arch="sparc64">The UltraSPARC platform is now supported by
501 &os;. The following machines are supported to at least some
502 degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade
503 100. SMP is supported, and has been tested on the
504 Ultra 2, Ultra 60, Enterprise 220R, and
505 Enterprise 420R.</para>
506
507 <para arch="i386" role="historic">On some systems, the BIOS does not activate
508 the I/O ports and memory of PC devices, thus making them
509 unusable. The <literal>PCI_ENABLE_IO_MODES</literal> kernel
510 option forces &os; to enable these devices so that they can be
511 used. &merged;</para>
512
513 </sect3>
514
515 <sect3>
516 <title>Bootloader Changes</title>
517
518 <para arch="i386" role="historic"><filename>boot2</filename> now supports a
519 <option>-n</option> option to disallow boot interruption by
520 keypresses. &merged;</para>
521
522 <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap
523 utility for CDROMs provides better compatability with some
524 BIOS implementations that do not completely implement the El
525 Torito bootable CDROM standard. This boot loader supports
526 <quote>no emulation</quote> mode booting, thus eliminating the
527 need for an emulated floppy disk image on a bootable
528 CDROM. &merged;</para>
529
530 <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a
531 <literal>nullconsole</literal> console type, for use on
532 systems with neither a video console nor a serial
533 port. &merged;</para>
534
535 <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support
536 (enabled at compile-time, off by default) for loading
537 <application>bzip2</application>-compressed kernels and
538 modules. &merged;</para>
539
540 <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0
541 (PXE) was added to the &os; boot loader. Due to API
542 differences, the older PXE versions are not supported. This
543 allow network booting using DHCP. &merged;</para>
544
545 <!-- Above this line, order bootloader changes by keyword-->
546
547 <para arch="i386" role="historic">The &os; boot loader now contains a workaround
548 to support CDROM booting on certain IBM BIOSs that expect the
549 first sector of the emulated floppy to contain a valid MS-DOS
550 BPB that they can modify. &merged;</para>
551
552 <para arch="i386,pc98" role="historic">The &os; boot loader now supports a
553 <option>-p</option> flag to force the kernel to pause after
554 each line of output during the probing phase. &merged;</para>
555
556 <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of
557 booting from filesystems with block sizes larger than
558 8K. &merged;</para>
559
560 <para>The kernel and modules have been moved to the directory
561 <filename>/boot/kernel</filename>, so they can be easily
562 manipulated together. The boot loader has been updated to
563 make this change as seamless as possible.</para>
564 </sect3>
565
566 <sect3>
567 <title>Network Interface Support</title>
568
569 <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports
570 Wired Equivalent Privacy (WEP) encryption, settable via
571 &man.ancontrol.8;. &merged;</para>
572
573 <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350
574 series of adaptors. &merged;</para>
575
576 <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote>
577 mode, settable via the <option>-M</option> option to
578 &man.ancontrol.8;. &merged;</para>
579
580 <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as
581 the <quote>Home</quote> WEP key. The Linux Aironet utilities
582 are now supported under emulation. &merged;</para>
583
584 <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based
585 networks has been added. &merged;</para>
586
587 <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to
588 support the Broadcom BCM570x family of Gigabit Ethernet
589 controllers, including the 3Com 3c996-T, the SysKonnect
590 SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on
591 Dell PowerEdge 2550 servers. Output TCP/IP checksum offload,
592 jumbo frames and VLAN tag insertion/stripping are supported,
593 as well as interrupt moderation. &merged;</para>
594
595 <para arch="i386" role="historic">The cm driver has been added to support SMC
596 COM90cx6 ARCNET network adapters. &merged;</para>
597
598 <para>The &man.dc.4; driver now supports NICs based on the Xircom
599 3201 and Conexant LANfinity RS7112 chips.</para>
600
601 <para role="historic">The &man.dc.4; driver now has support for
602 VLANs. &merged;</para>
603
604 <para role="historic">The &man.de.4; driver now performs round-robin arbitration
605 between the transmit and receive units of the 21143, instead
606 of giving priority to the receive unit. This gives a
607 10&ndash;15% performance improvement in the forwarding rate
608 under heavy load. &merged;</para>
609
610 <para arch="alpha">The &man.ed.4; driver is now supported.</para>
611
612 <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported
613 by the &man.ed.4; driver now require the addition of flag
614 <literal>0x80000</literal> to their config line in
615 &man.pccard.conf.5;. This flag is not optional. These
616 Linksys cards will not be recognized without
617 it. &merged;</para>
618
619 <para role="historic">A bug in the &man.ed.4; driver that could cause panics
620 with very short packets and BPF or bridging active has been
621 fixed. &merged;</para>
622
623 <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022
624 chips, necessary for the NetGear FA-410TX and other cards. As
625 a result, <literal>device miibus</literal> is required in
626 kernel configurations using the &man.ed.4;
627 driver. &merged;</para>
628
629 <para arch="i386">The &man.el.4; driver can now be loaded as a
630 module.</para>
631
632 <para arch="i386,pc98" role="historic">The &man.em.4; driver has been added to
633 support NICs based on the Intel 82542, 82543, and 82544
634 Gigabit Ethernet controller chips. The driver supports
635 transmit/receive checksum offload and jumbo frames on 82543
636 and 82544-based adapters. &merged;</para>
637
638 <para role="historic">The &man.faith.4; device is now loadable, unloadable, and
639 clonable. &merged;</para>
640
641 <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based
642 Ethernet PC-Cards has been added back in the &man.fe.4;
643 driver. &merged;</para>
644
645 <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's
646 DEFPA FDDI adaptors on the Alpha. &merged;</para>
647
648 <para role="historic">The &man.fxp.4; driver now requires a <literal>device
649 miibus</literal> entry in the kernel configuration
650 file. &merged;</para>
651
652 <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI
653 protocol violations caused by defects in some systems based on
654 the Intel ICH2/ICH2-M chip. The workaround is to rewrite the
655 EEPROM on the interface to disable Dynamic Standby Mode; once
656 the EEPROM is rewritten, the system needs to be rebooted for
657 the new settings to take effect. &merged;</para>
658
659 <para role="historic">The &man.fxp.4; driver now supports Intel's loadable
660 microcode to implement receive-side interrupt coalescing and
661 packet bundling, on NICs that support these features. This
662 support can be activated by the use of the
663 <option>link0</option> option to
664 &man.ifconfig.8;. &merged;</para>
665
666 <para arch="sparc64">The gem driver has been added to support
667 the Sun GEM Gigabit Ethernet and ERI Fast Ethernet
668 adapters.</para>
669
670 <para role="historic">The &man.gx.4; driver has been added to support NICs based
671 on the Intel 82542 and 82543 Gigabit Ethernet controller
672 chips. Both fiber and copper variants of the cards are
673 supported. Both boards support VLAN tagging/insertion, and
674 the 82543 additionally supports TCP/IP checksum
675 offload. &merged;</para>
676
677 <para arch="sparc64">The hme driver has been added to support
678 the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra
679 series machines.</para>
680
681 <para role="historic">The &man.lge.4; driver has been added to support the Level
682 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
683 device is used on some fiber optic GigE cards from SMC, D-Link
684 and Addtron. Jumbograms and TCP/IP checksum offload on
685 receive are supported, although hardware VLAN filtering is
686 not. &merged;</para>
687
688 <para role="historic">The my driver, which supports the Myson Fast Ethernet and
689 Gigabit Ethernet adapters, has been added. &merged;</para>
690
691 <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit
692 Ethernet adapters based on the National Semiconductor DP83820
693 and DP83821 Gigabit Ethernet controller chips, including the
694 D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
695 FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T.
696 This driver supports transmit and receive checksum
697 offloading. &merged;</para>
698
699 <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
700 PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and
701 HomePNA adapters, has been added. Although these cards are
702 already supported by the &man.lnc.4; driver, the &man.pcn.4;
703 driver runs these chips in 32-bit mode and uses the RX
704 alignment feature to achieve zero-copy receive. This driver
705 is also machine-independent, so it will work on the i386,
706 pc98 and Alpha platforms. The &man.lnc.4; driver is still needed
707 to support non-PCI cards. &merged;</para>
708
709 <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator
710 wireless network cards, has been committed. The operation of
711 &man.ray.4; interfaces can be modified by
712 &man.raycontrol.8;. &merged;</para>
713
714 <para arch="i386" role="historic">The sbni driver, for supporting the Granch
715 SBNI12 series of ISA and PCI point-to-point communications
716 interfaces, has been added. The <filename
717 role="package">sysutils/sbniconfig</filename> port in the &os;
718 Ports Collection can be used for configuring these
719 devices. &merged;</para>
720
721 <para role="historic">Added support for PCI Ethernet adapters based on the SiS
722 900 and SiS 7016 Fast Ethernet controller chips (for example,
723 as seen on the SiS 635 and 735 motherboard chipsets), as well
724 as the National Semiconductor DP83815 chipset (including the
725 NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4;
726 driver. This device has support for VLANs. &merged;</para>
727
728 <para arch="pc98" role="historic">The snc driver for the National Semiconductor
729 DP8393X (SONIC) Ethernet controller has been added.
730 Currently, this driver is only used on the PC-98
731 architecture. &merged;</para>
732
733 <para>The &man.stf.4; device is now clonable.</para>
734
735 <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver
736 for bridged configurations, has been added. This device is
737 clonable. &merged;</para>
738
739 <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC
740 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT
741 Gigabit cards. &merged;</para>
742
743 <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para>
744
745 <para role="historic">The &man.txp.4; driver has been added to support NICs
746 based on the 3Com 3XP Typhoon/Sidewinder (3CR990)
747 chipset. &merged;</para>
748
749 <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and
750 clonable. &merged;</para>
751
752 <para role="historic">The &man.wi.4; driver now has support for Prism II and
753 Prism 2.5-based NICs. 104/128-bit WEP now works on Prism
754 cards. &merged;</para>
755
756 <para role="historic">The &man.wi.4; driver now supports using a &os; host as
757 a wireless access point. This functionality can be enabled
758 using the <literal>mediaopt hostap</literal> option of
759 &man.ifconfig.8;. This feature requires a wireless
760 adapter based on the Prism II chipset. &merged;</para>
761
762 <para role="historic">The &man.wi.4; driver now has support for
763 <application>bsd-airtools</application>. &merged;</para>
764
765 <para role="historic">The xe driver can now be built as a
766 module. &merged;</para>
767
768 <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and
769 3C556B MiniPCI adapters used on some laptops. &merged;</para>
770
771 <para role="historic">The &man.xl.4; driver now supports reception of VLAN
772 tagged frames (on the <quote>Cyclone</quote> or newer
773 chipsets). &merged;</para>
774
775 <para role="historic">The &man.xl.4; driver now supports send- and receive-side
776 TCP/IP checksum offloading for NICs implementing this feature,
777 such as the 3C905B, 3C905C, and 3C980C. &merged;</para>
778
779 <para role="historic">A bug in the &man.xl.4; driver, related to statistics
780 overflow interrupt handling, was causing slowdowns at medium
781 to high packet rates; this has been fixed. &merged;</para>
782
783 <para role="historic">The per-interface <varname>ifnet</varname> structure now
784 has the ability to indicate a set of capabilities supported by
785 a network interface, and which ones are enabled.
786 &man.ifconfig.8; has support for querying these
787 capabilities. &merged;</para>
788
789 <para role="historic">Performance with hosts having a large number of IP aliases
790 has been improved, by replacing the per-interface
791 <varname>if_inaddr</varname> linear list with a hash table. &merged;</para>
792
793 <para>Network devices now automatically appear as special files in
794 <filename>/dev/net</filename>. Interface hardware ioctls (not
795 protocol or routing) can be performed on these devices. The
796 <varname>SIOCGIFCONF</varname> ioctl may be performed on the
797 special <filename>/dev/network</filename> node.</para>
798
799 <para role="historic">Selected network drivers now implement a semi-polling
800 mode, which makes systems much more resilient to attacks and
801 overloads. To enable polling, the following options are
802 required in a kernel configuration file:
803
804 <programlisting>options DEVICE_POLLING
805options HZ=1000 # not compulsory but strongly recommended</programlisting>
806
807 The <varname>kern.polling.enable</varname> sysctl variable
808 will then activate polling mode; with the
809 <varname>kern.polling.user_frac</varname> sysctl indicating
810 the percentage of CPU time to be reserved for userland. The
811 devices initially supporting polling are &man.dc.4;,
812 &man.fxp.4;, &man.rl.4;, and &man.sis.4;. More details can be found in
813 the &man.polling.4; manual page. &merged;</para>
814
815 <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain
816 network drivers (specifically &man.dc.4; and &man.sis.4;) has
817 been enhanced by the elimination of unnecessary buffer
818 copies. &merged;</para>
819 </sect3>
820
821 <sect3>
822 <title>Network Protocols</title>
823
824 <para role="historic">&man.accept.filter.9;, a kernel feature to reduce
825 overheads when accepting and reading new connections on
826 listening sockets, has been added. &merged;</para>
827
828 <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s
829 <option>-d</option> option has been renamed to
830 <literal>pub</literal>, for consistency with the
831 <option>-s</option> option. The <literal>only</literal> keyword
832 has been added to the <option>-s</option> and
833 <option>-S</option> flags, to be used in creating
834 <quote>proxy-only</quote> published entries. &merged;</para>
835
836 <para role="historic">The read timeout feature of &man.bpf.4; now works more
837 correctly with &man.select.2;/&man.poll.2;, and therefore with
838 pthreads. &merged;</para>
839
840 <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some
841 enhancements and bug fixes, and are now loadable
842 modules. &merged;</para>
843
844 <para role="historic">&man.bridge.4; now has better support for multiple,
845 fully-independent bridging clusters, and is much more stable
846 in the presence of dynamic attachments and detatchments. Full
847 support for VLANs is also supported. &merged;</para>
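Review bot: in the &man.bridge.4; paragraph at lines 844-847, "detatchments" is misspelled and the closing sentence reads "Full support for VLANs is also supported", which says "support" twice. Suggest "detachments" and "VLANs are also fully supported."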
848
849 <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP
850 RSTs generated due to packets sent to open and unopen ports
851 are now limited by separate counters. Each rate limiting
852 queue now has its own description.</para>
853
854 <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can
855 now RST TCP connections in the <literal>SYN_SENT</literal>
856 state if the correct sequence numbers are sent back, as
857 controlled by the
858 <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para>
859
860 <para>IP multicast now works on VLAN devices. Several other
861 bugs in the VLAN code have also been fixed.</para>
862
863 <para role="historic">A bug in the IPsec processing for IPv4, which caused the
864 inbound SPD checks to be ignored, has been fixed. &merged;</para>
865
866 <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN
867 bits in TCP segments. &merged;</para>
868
869 <para role="historic">A new ng_eiface netgraph module has been added, which
870 appears as an Ethernet interface but delivers its Ethernet
871 frames to a Netgraph hook. &merged;</para>
872
873 <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type
874 packets to be filtered to different hooks depending on
875 ethertype. &merged;</para>
876
877 <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph
878 nodes, for operating on &man.gif.4; devices, have been
879 added.</para>
880
881 <para>The &man.ng.ip.input.4; netgraph node, for queueing IP
882 packets into the main IP input processing code, has been
883 added.</para>
884
885 <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
886 been added to the &man.netgraph.4; subsystem. The
887 &man.ng.ether.4; node is now dynamically loadable.
888 Miscellaneous bug fixes and enhancements have also been
889 made. &merged;</para>
890
891 <para role="historic">A new netgraph node type &man.ng.one2many.4; for
892 multiplexing and demultiplexing packets over multiple links
893 has been added. &merged;</para>
894
895 <para>A new ng_split node type has been added for splitting a
896 bidirectional packet flow into two unidirectional flows.</para>
897
898 <para role="historic">A new sysctl
899 <varname>net.inet.ip.check_interface</varname>, which is on by
900 default, causes IP to verify that an incoming packet arrives
901 on an interface that has an address matching the packet's
902 destination address. &merged;</para>
903
904 <para role="historic">A new sysctl
905 <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has
906 been added to control the suppression of logging when ARP
907 replies arrive on the wrong interface. &merged;</para>
908
909 <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel
910 option causes the ID field of IP packets to be randomized.
911 This closes a minor information leak which allows a remote
912 observer to determine the rate at which the machine is
913 generating packets, since the default behavior is to increment
914 a counter for each packet sent. &merged;</para>
915
916 <para arch="alpha">SLIP has been removed from the
917 <filename>mfsroot</filename> floppy image.</para>
918
919 <para role="historic">TCP has received some bug fixes for its delayed ACK
920 behavior. &merged;</para>
921
922 <para role="historic">TCP now supports the NewReno modification to the TCP Fast
923 Recovery algorithm. This behavior can be controlled via the
924 <varname>net.inet.tcp.newreno</varname> sysctl
925 variable. &merged;</para>
926
927 <para role="historic">TCP now uses a more aggressive timeout for initial SYN
928 segments; this allows initial connection attempts to be
929 dropped much faster. &merged;</para>
930
931 <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has
932 been removed. &merged;</para>
933
934 <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has
935 been removed. Similar functionality can be achieved with the
936 <varname>net.inet.tcp.blackhole</varname> sysctl
937 variable. &merged;</para>
938
939 <para role="historic">TCP now has RFC 1323 extensions enabled by default in
940 &man.rc.conf.5;. &merged;</para>
941
942 <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for
943 a connection in progress if no response has been received by
944 the third SYN segment sent. This behavior tries to work
945 around (very old) terminal servers with buggy VJ header
946 compression implementations. &merged;</para>
947
948 <para role="historic">The TCP implementation no longer requires the allocation
949 of a TCP template structure for each connection; this should
950 reduce the buffer usage on large systems handling many
951 connections. &merged;</para>
952
953 <para role="historic">TCP's default buffer sizes, controlled by the
954 <varname>net.inet.tcp.sendspace</varname> and
955 <varname>net.inet.tcp.recvspace</varname> sysctl variables,
956 have been increased to 32K and 64K respectively. Previously,
957 the default for both buffer sizes was 16K. To try to avoid
958 increasing congestion, the default value for
959 <varname>net.inet.tcp.local_slowstart_flightsize</varname> has
960 been changed from infinity to 4. &merged;
961
962 <note>
963 <para>On busy hosts, the new larger buffer sizes may require
964 manually increasing the
965 <varname>NMBCLUSTERS</varname> parameter, either in the
966 kernel configuration file or via the
967 <varname>kern.ipc.nmbclusters</varname> loader tunable.
968 <command>netstat -mb</command> can be used to monitor the
969 state of mbuf clusters.</para>
970 </note>
971 </para>
972
973 <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence
974 Number Attacks). The
975 <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl
976 variable controls the reseeding of the secret data used in
977 the RFC 1948 initial sequence number calculations. &merged;</para>
978
979 <para role="historic">The TCP implementation in &os; now implements a cache of
980 outstanding, received SYN segments. Incoming SYN segments now
981 cause entries to be placed in the cache until the TCP
982 three-way handshake is complete, at which point, memory is
983 allocated for the connection as usual. In addition, all TCP
984 Initial Sequence Numbers (ISNs) are used as cookies, allowing
985 entries in the cache to be dropped, but still have their
986 corresponding ACKs accepted later. The combination of the
987 so-called
988 <quote>syncache</quote> and <quote>syncookies</quote> features
989 makes a host much more resistant to TCP-based Denial of
990 Service attacks. Work on this feature was sponsored by DARPA
991 and NAI Labs. &merged;</para>
992
993 <para role="historic">A bug in the TCP implementation, which could cause
994 connections to stall if a sender saw a zero-sized window, has
995 been corrected. &merged;</para>
996
997 <para role="historic">The TCP implementation now properly ignores packets
998 addressed to IP-layer broadcast addresses. &merged;</para>
999
1000 <para>The ephemeral port range used for TCP and UDP has been
1001 changed to 49152&ndash;65535 (the old default was
1002 1024&ndash;5000). This increases the number of concurrent
1003 outgoing connections/streams.</para>
1004 </sect3>
1005
1006 <sect3>
1007 <title>Disks and Storage</title>
1008
1009 <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI
1010 RAID controllers has been added, in the form of the
1011 &man.aac.4; driver. This driver includes proper handling of
1012 commands initiated by the adapter, addition/removal of disk
1013 devices, crashdump functionality, and &man.ioctl.2; commands
1014 necessary for the management CLI, and is fully qualified and
1015 sanctioned by Adaptec. &merged;</para>
1016
1017 <para role="historic">The &man.ahc.4; driver has received numerous updates,
1018 bugfixes, and enhancements. Among various improvements are
1019 improved compatibility with chips in <quote>RAID Port</quote>
1020 mode and systems with AAA and/or ARO cards installed, as well
1021 as performance improvements. Some bugs were also fixed,
1022 including a rare hang on Ultra2/U160
1023 controllers. &merged;</para>
1024
1025 <para arch="i386" role="historic">The &man.asr.4; driver, which provides support
1026 for the Adaptec SCSI RAID controller family, as well as the
1027 DPT SmartRAID V and VI families, has been
1028 added. &merged;</para>
1029
1030 <para arch="i386" role="historic">The &man.asr.4; driver now supports the
1031 Adaptec 2000S and 2005S Zero-Channel RAID
1032 controllers. &merged;</para>
1033
1034 <para role="historic">The &man.ata.4; driver now has support for ATA100
1035 controllers. In addition, it now supports the ServerWorks
1036 ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100
1037 chipsets, and the Cyrix 5530. &merged;</para>
1038
1039 <para role="historic">To provide more flexible configuration, the various
1040 options for the &man.ata.4; driver are now boot loader
1041 tunables, rather than kernel configure-time
1042 options. &merged;</para>
1043
1044 <para role="historic">The &man.ata.4; driver now has support for tagged queuing,
1045 which is enabled by the <varname>hw.ata.tags</varname> loader
1046 tunable. &merged;</para>
1047
1048 <para role="historic">The &man.ata.4; driver now has support for ATA
1049 <quote>pseudo</quote> RAID controllers as the Promise Fasttrak
1050 and HighPoint HPT370 controllers. &merged;</para>
1051
1052 <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS
1053 chipsets, as listed in the Hardware Notes. &merged;</para>
1054
1055 <para role="historic">The &man.ata.4; driver now has support for creating,
1056 deleting, querying, and rebuilding ATA RAIDs under control of
1057 &man.atacontrol.8;. &merged;</para>
1058
1059 <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM
1060 burners, is now supported. &merged;</para>
1061
1062 <para role="historic">The &man.ata.4; driver now has support for 48-bit
1063 addressing. Devices larger than 137GB are now
1064 supported. &merged;</para>
1065
1066 <para role="historic">The &man.ata.4; driver now contains fixes for some data
1067 corruption problems on systems using the VIA 82C686B
1068 Southbridge chip. &merged;</para>
1069
1070 <para role="historic">The &man.cd.4; driver now has support for write
1071 operations. This allows writing to DVD-RAM, PD and similar
1072 drives that probe as CD devices. Note that change affects
1073 only random-access writeable devices, not sequential-only
1074 writeable devices such as CD-R drives, which are supported by
1075 &man.cdrecord.1; (a part of
1076 <filename role="package">sysutils/cdrtools</filename> in the
1077 Ports Collection. &merged;</para>
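Review bot: the parenthesis opened at "(a part of" on line 1075 is never closed before "&merged;</para>" on line 1077, and "Note that change affects" on line 1072 is missing a word. Suggest "Note that this change affects" and "in the Ports Collection). &merged;".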
1078
1079 <para arch="i386" role="historic">The ciss driver, for devices utilizing the
1080 Common Interface for SCSI-3 Support, has been added. This
1081 driver supports the Compaq SmartRAID 5* family of RAID
1082 controllers (5300, 532, 5i). &merged;</para>
1083
1084 <para>The &man.fdc.4; floppy disk has undergone a number of
1085 enhancements. Density selection for common settings is now
1086 automatic; the driver is also much more flexible in setting
1087 the densities of various subdevices.</para>
1088
1089 <para>The &man.geom.4; disk I/O request transformation framework
1090 has been added; this extensible framework is designed to
1091 support a wide variety of operations on I/O requests on their
1092 way from the upper kernel to the device drivers.</para>
1093
1094 <para role="historic">The ida disk driver now has crashdump
1095 support. &merged;</para>
1096
1097 <para arch="i386" role="historic">The iir driver has been added to support the
1098 Intel Integrated RAID controllers, as well as prior ICP Vortex
1099 controllers.</para>
1100
1101 <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to
1102 attach when connected to a SCSI card driven by &man.isp.4; has
1103 been fixed. &merged;</para>
1104
1105 <para>The &man.isp.4; driver is now proactive about discovering
1106 Fibre Channel topology changes.</para>
1107
1108 <para>The &man.isp.4; driver now supports target mode for Qlogic
1109 SCSI cards, including Ultra2 and Ultra3 and dual bus
1110 cards.</para>
1111
1112 <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and
1113 2312 Optical Fibre Channel PCI cards. &merged;</para>
1114
1115 <para>&man.md.4;, the memory disk device, has had the
1116 functionality of &man.vn.4; incorporated into it. &man.md.4;
1117 devices can now be configured by &man.mdconfig.8;. &man.vn.4;
1118 has been removed. The Memory Filesystem (MFS) has also been
1119 removed.</para>
1120
1121 <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI
1122 AccelRAID and eXtremeRAID controllers with firmware 6.X and
1123 later, has been added. &merged;</para>
1124
1125 <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported
1126 from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja
1127 SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers.
1128 All three drivers can be built and loaded as
1129 modules. &merged;</para>
1130
1131 <para arch="powerpc">The ofw driver, a basic OpenFirmware disk
1132 driver, has been added.</para>
1133
1134 <para>Some problems in &man.sa.4; error handling have been
1135 fixed, including the <quote>tape drive spinning indefinitely
1136 upon &man.mt.1; <option>stat</option></quote> problem.</para>
1137
1138 <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has
1139 added. &merged;</para>
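Review bot: the sentence on lines 1138-1139 is missing "been": it reads "The &man.twe.4; 3ware ATA RAID driver has added." It should read "has been added", matching the other driver entries in this section.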
1140
1141 <para role="historic">The &man.wd.4; compatibility devices were removed from the
1142 &man.ata.4; driver. &merged;</para>
1143 </sect3>
1144
1145 <sect3>
1146 <title>Filesystems</title>
1147
1148 <para>Support for named extended attributes was added to the
1149 &os; kernel. This allows the kernel, and appropriately
1150 privileged userland processes, to tag files and directories
1151 with attribute data. Extended attributes were added to
1152 support the TrustedBSD Project, in particular ACLs, capability
1153 data, and mandatory access control labels (see
1154 <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for
1155 details).</para>
1156
1157 <para role="historic">Due to a licensing change, softupdates have been
1158 integrated into the main portion of the kernel source tree.
1159 As a consequence, softupdates are now available with the
1160 <filename>GENERIC</filename> kernel. &merged;</para>
1161
1162 <para>A filesystem snapshot capability has been added to FFS.
1163 Details can be found in
1164 <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para>
1165
1166<!-- The following note needs to be made more specific or eliminated. -->
1167 <para>Softupdates for FFS have received some bug fixes and
1168 enhancements.</para>
1169
1170 <para>When running with softupdates, &man.statfs.2; and
1171 &man.df.1; will track the number of blocks and files that are
1172 committed to being freed.</para>
1173
1174 <para role="historic">A bug in FFS that could cause superblock corruption on
1175 very large filesystems has been corrected. &merged;</para>
1176
1177 <para role="historic">The ISO-9660 filesystem now has a hook that supports a
1178 loadable character conversion routine. The
1179 <filename role="package">sysutils/cd9660_unicode</filename>
1180 port contains a set of common conversions. &merged;</para>
1181
1182 <para>&man.kernfs.5; is obsolete and has been retired.</para>
1183
1184 <para role="historic">A bug in the NFS client that caused bogus access times with
1185 <literal>O_EXCL|O_CREAT</literal> opens was
1186 fixed. &merged;</para>
1187
1188 <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash
1189 algorithm) has been implemented to improve NFS performance by
1190 increasing the efficiency of the <varname>nfsnode</varname>
1191 hash tables. &merged;</para>
1192
1193 <para>Client-side NFS locks have been implemented.</para>
1194
1195 <para>The client-side and server-side of the NFS code in the
1196 kernel used to be intertwined in various complex ways. They
1197 have been split apart for ease of maintenance and further
1198 development.</para>
1199
1200 <para>Support for filesystem Access Control Lists (ACLs) has
1201 been introduced, allowing more fine-grained control of
1202 discretionary access control on files and directories. This
1203 support was integrated from the TrustedBSD Project. More
1204 details can be found in
1205 <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para>
1206
1207 <para role="historic">The directory layout preference algorithm for FFS
1208 (<literal>dirprefs</literal>) has been changed. Rather than
1209 scattering directory blocks across a disk, it attempts to
1210 group related directory blocks together. Operations
1211 traversing large directory hierarchies, such as the &os; Ports
1212 tree, have shown marked speedups. This change is transparent
1213 and automatic for new directories. &merged;</para>
1214
1215 <para arch="i386,pc98" role="historic">smbfs (CIFS) support in kernel has been added.
1216 The userland programs &man.smbutil.1; and &man.mount.smbfs.8;
1217 can be used to work with SMB shares. Note that
1218 &man.mount.smbfs.8; will automatically load the
1219 <filename>smbfs.ko</filename> module into the kernel, even if
1220 <literal>LIBMCHAIN</literal> and
1221 <literal>LIBICONV</literal> were not compiled into the kernel.
1222 &merged;</para>
1223
1224 <para>For consistency, the fdesc, fifo, null, msdos, portal,
1225 umap, and union filesystems have been renamed to fdescfs,
1226 fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
1227 applicable, modules and mount_* programs have been renamed.
1228 Compatibility <quote>glue</quote> has been added to
1229 &man.mount.8; so that <literal>msdos</literal> filesystem
1230 entries in &man.fstab.5; will work without changes.</para>
1231
1232 <para>pseudofs, a pseudo-filesystem framework, has been added.
1233 &man.linprocfs.5; and &man.procfs.5; have been modified to use
1234 pseudofs.</para>
1235
1236 <para role="historic">A simple hash-based lookup optimization for large
1237 directories called <literal>dirhash</literal> has been added.
1238 Conditional on the
1239 <literal>UFS_DIRHASH</literal> kernel option (enabled by
1240 default in the <filename>GENERIC</filename> kernel), it
1241 improves the speed of operations on very large directories at
1242 the expense of some memory. &merged;</para>
1243
1244 <para role="historic">The virtual memory subsystem now backs UFS directory
1245 memory requirements by default (this behavior is controlled
1246 via the <varname>vfs.vmiodirenable</varname> sysctl
1247 variable). &merged;</para>
1248
1249 <para role="historic">A bug that prevented the root filesystem from being
1250 mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were
1251 always supported). &merged;</para>
1252
1253 <para role="historic">A number of bugs in the filesystem code, discovered
1254 through the use of the <application>fsx</application>
1255 filesystem test tool, have been fixed. Under certain
1256 circumstances (primarily related to use of NFS), these bugs
1257 could cause data corruption or kernel panics. &merged;</para>
1258
1259 <para>Network filesystems (such as NFS and smbfs filesystems)
1260 listed in <filename>/etc/fstab</filename> can now be properly
1261 mounted during startup initialization; their mounts are
1262 deferred until after the network is initialized.</para>
1263
1264 <para>Read-only support for the Universal Disk Format (UDF) has
1265 been added. This format is used on packet-written CD-RWs and
1266 most commercial DVD-Video disks. The &man.mount.udf.8;
1267 command can be used to mount these disks.</para>
1268 </sect3>
1269
1270 <sect3>
1271 <title>PCCARD Support</title>
1272
1273 <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now
1274 support multiple <quote>beep types</quote> upon card insertion
1275 and removal. &merged;</para>
1276
1277 <para role="historic">On many modern hosts, PCCARD devices can be configured to
1278 route their interrupts via either the ISA or PCI interrupt
1279 paths. The &man.pcic.4; driver has been updated to support
1280 both interrupt paths (formerly, only routing via ISA was
1281 supported). &merged; In most cases, configuration of PCMCIA
1282 devices in laptops is simpler and more flexible. In addition,
1283 various Cardbus bridge PCI cards (such as those used by
1284 Orinoco PCI NICs) are now supported. Some hosts may
1285 experience problems, such as hangs or panics, with PCI
1286 interrupt routing; they can frequently be made to work by
1287 forcing the older-style ISA interrupt routing. The following
1288 lines, placed in <filename>/boot/loader.conf</filename>, may
1289 fix the problem:</para>
1290
1291 <programlisting role="historic">hw.pcic.intr_path="1"
1292 hw.pcic.irq="0"</programlisting>
1293
1294 <para role="historic">When installing &os; on such a system, typing the
1295 following lines to the boot loader may be helpful in starting
1296 up &os; for the first time:<para>
1297
1298 <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput>
1299<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen>
1300
1301 <para arch="i386">Preliminary Cardbus support under NEWCARD has
1302 been added. This code supports the TI113X, TI12XX, TI125X,
1303 Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X
1304 bridges. 16-bit PC Card support is not yet functional.</para>
1305 </sect3>
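Review bot: the paragraph beginning "When installing &os; on such a system" ends with an opening <para> after "for the first time:" where a closing </para> is needed. As written, that paragraph is still open when the <screen role="historic"> block and the following <para arch="i386"> start. Change the trailing tag to </para>.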
1306
1307 <sect3>
1308 <title>Multimedia Support</title>
1309
1310 <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS
1311 Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media
1312 fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound
1313 card/chipsets, and has received some other updates. Separate
1314 drivers for the SoundBlaster 8 and SoundBlaster 16 now replace
1315 an older, unified driver. A driver for the CMedia
1316 CMI8338/CMI8738 sound chips has been added. A driver for the
1317 CS4281 sound chip has been added. A driver for the S3
1318 SonicVibes chipset has been added. &merged;</para>
1319
1320 <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been
1321 added. &merged;</para>
1322
1323 <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has
1324 been added, however due to licensing restrictions, it cannot
1325 be compiled into the kernel. &merged; To use this driver, add
1326 the following line to
1327 <filename>/boot/loader.conf</filename>:</para>
1328
1329 <programlisting role="historic">snd_maestro3_load="YES"</programlisting>
1330
1331 <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This
1332 update provides a number of new features. New tuner types
1333 have been added, and improvements to the KLD module and to
1334 memory allocation have been made. Bugs in &man.devfs.5; when
1335 unloading and reloading have been fixed. Support for new
1336 Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux)
1337 has been added. &merged;</para>
1338
1339 <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100
1340 USB Radio, has been added. &merged;</para>
1341
1342 <para role="historic">When sound modules are built, one can now load all the
1343 drivers and infrastructure by <command>kldload
1344 snd</command>. &merged;</para>
1345
1346 <para>A new API has been added for sound cards with hardware
1347 volume control.</para>
1348
1349 <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and
1350 815E integrated sound devices has been added. &merged;</para>
1351
1352 <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA
1353 VT8233. &merged;</para>
1354
1355 <para arch="i386" role="historic">The ich sound driver now support the SiS
1356 7012 chipset. &merged;</para>
1357
1358 <para arch="i386">Drivers have been added to support the Direct
1359 Rendering Infrastructure, which can used to provide 3D
1360 acceleration within <application>XFree86</application>. Video
1361 cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm),
1362 AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo
1363 3/4/5/Banshee (tdfxdrm), AGI ATI Rage 128 (r128drm), and AGP
1364 ATI Radeon (radeondrm).</para>
1365
1366 </sect3>
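Review bot: the &man.pcm.4; paragraph lists "ESS Maestro-2e" twice, once in "Maestro-1, Maestro-2, and Maestro-2e" and again after "Forte Media fm801"; drop the second mention. In the same section, "The ich sound driver now support" should read "supports", and "which can used to provide 3D acceleration" should read "can be used". "AGI ATI Rage 128 (r128drm)" also looks like a typo for "AGP", which is how the neighbouring Matrox and Radeon entries are written; worth confirming.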
1367
1368 <sect3>
1369 <title>Contributed Software</title>
1370
1371 <para>The Forth Inspired Command Language
1372 (<application>FICL</application>) used in the boot loader has
1373 been updated to 3.02.</para>
1374
1375 <para>Support for Advanced Configuration and Power Interface
1376 (ACPI), a multi-vendor standard for configuration and power
1377 management, has been added. This functionality has been
1378 provided by the <application>Intel ACPI Component
1379 Architecture</application> project, as of the ACPI CA 20020308
1380 snapshot. Some backward compatability for applications using
1381 the older APM standard has been provided.</para>
1382
1383 <sect4>
1384 <title>IPFilter</title>
1385
1386 <para><application>IPFilter</application> has been updated to
1387 3.4.28.</para>
1388
1389 <para role="historic"><application>IPFilter</application> now supports
1390 IPv6. &merged;</para>
1391
1392 </sect4>
1393
1394 <sect4 arch="i386">
1395 <title>isdn4bsd</title>
1396
1397 <para><application>isdn4bsd</application> has been updated to
1398 version 1.0.2.</para>
1399
1400 <para role="historic">The &man.ifpi.4; driver for supporting the AVM
1401 Fritz!Card PCI controller has been added. &merged;</para>
1402
1403 <para role="historic">The &man.ifpi2.4; driver for supporting the AVM
1404 Fritz!Card PCI version 2 controller has been added. &merged;</para>
1405
1406 <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip
1407 Designs HFC devices under
1408 <application>isdn4bsd</application> has been
1409 added. &merged;</para>
1410
1411 <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles
1412 PCI-TJ devices under <application>isdn4bsd</application> has
1413 been added. &merged;</para>
1414
1415 <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and
1416 2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
1417 <application>isdn4bsd</application> driver. &merged;</para>
1418
1419 <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom
1420 610 ISDN ISA PnP card. &merged;</para>
1421
1422 <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now
1423 supported using the &man.i4bcapi.4; and the &man.iavc.4;
1424 driver. The supported cards are the AVM B1 PCI and AVM B1
1425 ISA Basic Rate cards and the AVM T1 Primary Rate
1426 cards. &merged;</para>
1427
1428 <para role="historic">A new <literal>maxconnecttime</literal> keyword is now
1429 accepted in &man.isdnd.rc.5; files to limit the time a
1430 connection may remain open. &merged;</para>
1431
1432 <para role="historic">&man.isdnphone.8; now supports a <option>-k</option>
1433 option for sending messages via the keypad facility to a PBX
1434 or exchange office. &merged;</para>
1435
1436 <para><application>isdn4bsd</application> now supports Q.931
1437 subaddressing.</para>
1438
1439 </sect4>
1440
1441 <sect4 id="kame-kernel">
1442 <title>KAME</title>
1443
1444 <para role="historic">The IPv6 stack is now based on a snapshot based on the
1445 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
1446 the items listed in this section are a result of this
1447 import. <xref linkend="kame-userland"> lists userland
1448 updates to the KAME IPv6 stack. &merged;</para>
1449
1450 <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC
1451 1933. The <literal>IFF_LINK2</literal> interface flag can
1452 be used to control ingress filtering. &merged;</para>
1453
1454 <para role="historic"><application>IPsec</application> has received some
1455 enhancements, including the ability to use the Rijndael and
1456 SHA2 algorithms. IPsec RC5 support has been removed due to
1457 patent issues. &merged;</para>
1458
1459 <para role="historic">&man.stf.4; now conforms to RFC 3056; the
1460 <literal>IFF_LINK2</literal> interface flag can be used to
1461 control ingress filtering. &merged;</para>
1462
1463 <para role="historic">IPv6 has better checking of illegal addresses (such as
1464 loopback addresses) on physical networks. &merged;</para>
1465
1466 <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now
1467 completely supported. The kernel's default behavior with
1468 respect to this option is controlled by the
1469 <varname>net.inet6.ip6.v6only</varname> sysctl
1470 variable. &merged;</para>
1471
1472 <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address
1473 Autoconfiguration) is now supported. It can be enabled via
1474 the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl
1475 variable. &merged;</para>
1476 </sect4>
1477 </sect3>
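Review bot: "backward compatability" in the ACPI paragraph is misspelled; it should be "compatibility". The first KAME paragraph also doubles up its wording in "is now based on a snapshot based on the KAME Project's IPv6 snapshot as of 28 May, 2001"; suggest "is now based on the KAME Project's IPv6 snapshot as of 28 May, 2001".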
1478 </sect2>
1479
1480 <sect2 id="security">
1481 <title>Security-Related Changes</title>
1482
1483 <para role="historic">&man.sysinstall.8; now allows the user to select one of two
1484 <quote>security profiles</quote> at install-time. These
1485 profiles enable different levels of system security by enabling
1486 or disabling various system services in &man.rc.conf.5; on new
1487 installs. &merged;</para>
1488
1489 <para>A bug in which malformed ELF executable images can hang the
1490 system has been fixed (see security advisory
1491 FreeBSD-SA-00:41). &merged;</para>
1492
1493 <para>A security hole in Linux emulation was fixed (see security
1494 advisory FreeBSD-SA-00:42). &merged;</para>
1495
1496 <para role="historic">String-handling library calls in many programs were fixed to
1497 reduce the possibility of buffer overflow-related exploits.
1498 &merged;</para>
1499
1500 <para>TCP now uses stronger randomness in choosing its initial
1501 sequence numbers (see security advisory
1502 FreeBSD-SA-00:52). &merged;</para>
1503
1504 <para>Several buffer overflows in &man.tcpdump.1; were corrected
1505 (see security advisory FreeBSD-SA-00:61). &merged;</para>
1506
1507 <para>A security hole in &man.top.1; was corrected (see security
1508 advisory FreeBSD-SA-00:62). &merged;</para>
1509
1510 <para>A potential security hole caused by an off-by-one-error in
1511 &man.gethostbyname.3; has been fixed (see security advisory
1512 FreeBSD-SA-00:63). &merged;</para>
1513
1514 <para>A potential buffer overflow in the &man.ncurses.3; library,
1515 which could cause arbitrary code to be run from within
1516 &man.systat.1;, has been corrected (see security advisory
1517 FreeBSD-SA-00:68). &merged;</para>
1518
1519 <para>A vulnerability in &man.telnetd.8; that could cause it to
1520 consume large amounts of server resources has been fixed (see
1521 security advisory FreeBSD-SA-00:69). &merged;</para>
1522
1523 <para>The <literal>nat deny_incoming</literal> command in
1524 &man.ppp.8; now works correctly (see security advisory
1525 FreeBSD-SA-00:70). &merged;</para>
1526
1527 <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
1528 that could allow overwriting of arbitrary user-writable files
1529 has been closed (see security advisory
1530 FreeBSD-SA-00:76). &merged;</para>
1531
1532 <para role="historic">The &man.ssh.1; binary is no longer SUID root by
1533 default. &merged;</para>
1534
1535 <para role="historic">Some fixes were applied to the Kerberos IV implementation
1536 related to environment variables, a possible buffer overrun, and
1537 overwriting ticket files. &merged;</para>
1538
1539 <para role="historic">&man.telnet.1; now does a better job of sanitizing its
1540 environment. &merged;</para>
1541
1542 <para>Several vulnerabilities in &man.procfs.5; were fixed (see
1543 security advisory FreeBSD-SA-00:77). &merged;</para>
1544
1545 <para>A bug in <application>OpenSSH</application> in which a
1546 server was unable to disable &man.ssh-agent.1; or
1547 <literal>X11Forwarding</literal> was fixed (see security
1548 advisory FreeBSD-SA-01:01). &merged;</para>
1549
1550 <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
1551 segments could incorrectly be treated as being part of an
1552 <literal>established</literal> connection has been fixed (see
1553 security advisory FreeBSD-SA-01:08). &merged;</para>
1554
1555 <para>A bug in &man.crontab.1; that could allow users to read any
1556 file on the system in valid &man.crontab.5; syntax has been
1557 fixed (see security advisory FreeBSD-SA-01:09). &merged;</para>
1558
1559 <para>A vulnerability in &man.inetd.8; that could allow
1560 read-access to the initial 16 bytes of
1561 <groupname>wheel</groupname>-accessible files has been fixed
1562 (see security advisory FreeBSD-SA-01:11). &merged;</para>
1563
1564 <para>A bug in &man.periodic.8; that used insecure temporary files
1565 has been corrected (see security advisory
1566 FreeBSD-SA-01:12). &merged;</para>
1567
1568 <para><application>OpenSSH</application> now has code to prevent
1569 (instead of just mitigating through connection limits) an attack
1570 that can lead to guessing the server key (not host key) by
1571 regenerating the server key when an RSA failure is detected (see
1572 security advisory FreeBSD-SA-01:24). &merged;</para>
1573
1574 <para role="historic">A number of programs have had output formatting strings
1575 corrected so as to reduce the risk of
1576 vulnerabilities. &merged;</para>
1577
1578 <para role="historic">A number of programs that use temporary files now do so more
1579 securely. &merged;</para>
1580
1581 <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP
1582 <quote>sessions</quote> has been corrected. &merged;</para>
1583
1584 <para>A bug in &man.timed.8;, which caused it to crash if send
1585 certain malformed packets, has been corrected (see security
1586 advisory FreeBSD-SA-01:28). &merged;</para>
1587
1588 <para>A bug in &man.rwhod.8;, which caused it to crash if send
1589 certain malformed packets, has been corrected (see security
1590 advisory FreeBSD-SA-01:29). &merged;</para>
1591
1592 <para>A security hole in &os;'s FFS and EXT2FS implementations,
1593 which allowed a race condition that could cause users to have
1594 unauthorized access to data, has been fixed (see security
1595 advisory FreeBSD-SA-01:30). &merged;</para>
1596
1597 <para>A remotely-exploitable vulnerability in &man.ntpd.8; has
1598 been closed (see security advisory
1599 FreeBSD-SA-01:31). &merged;</para>
1600
1601 <para>A security hole in <application>IPFilter</application>'s
1602 fragment cache has been closed (see security advisory
1603 FreeBSD-SA-01:32). &merged;</para>
1604
1605 <para>Buffer overflows in &man.glob.3;, which could cause
1606 arbitrary code to be run on an FTP server, have been closed. In
1607 addition, to prevent some forms of DOS attacks, &man.glob.3;
1608 allows specification of a limit on the number of pathname
1609 matches it will return. &man.ftpd.8; now uses this feature (see
1610 security advisory FreeBSD-SA-01:33). &merged;</para>
1611
1612 <para>Initial sequence numbers in TCP are more thoroughly
1613 randomized (see security advisory FreeBSD-SA-01:39). Due to
1614 some possible compatibility issues, the behavior of this
1615 security fix can be enabled or disabled via the
1616 <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl
1617 variable.&merged;</para>
1618
1619 <para>A vulnerability in the &man.fts.3; routines (used by
1620 applications for recursively traversing a filesystem) could
1621 allow a program to operate on files outside the intended
1622 directory hierarchy. This bug has been fixed (see security
1623 advisory FreeBSD-SA-01:40). &merged;</para>
1624
1625 <para role="historic"><application>OpenSSH</application> now switches to the
1626 user's UID before attempting to unlink the authentication
1627 forwarding file, nullifying the effects of a race.</para>
1628
1629 <para>A flaw allowed some signal handlers to remain in effect in a
1630 child process after being exec-ed from its parent. This allowed
1631 an attacker to execute arbitrary code in the context of a setuid
1632 binary. This flaw has been corrected (see security advisory
1633 FreeBSD-SA-01:42). &merged;</para>
1634
1635 <para>A remote buffer overflow in &man.tcpdump.1; has been fixed
1636 (see security advisory FreeBSD-SA-01:48). &merged;</para>
1637
1638 <para>A remote buffer overflow in &man.telnetd.8; has been fixed
1639 (see security advisory FreeBSD-SA-01:49). &merged;</para>
1640
1641 <para>The new <varname>net.inet.ip.maxfragpackets</varname> and
1642 <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables
1643 limit the amount of memory that can be consumed by IPv4 and IPv6
1644 packet fragments, which defends against some denial of service
1645 attacks (see security advisory
1646 FreeBSD-SA-01:52). &merged;</para>
1647
1648 <para role="historic">All services in <filename>inetd.conf</filename> are now
1649 disabled by default for new installations. &man.sysinstall.8;
1650 gives the option of enabling or disabling &man.inetd.8; on new
1651 installations, as well as editing
1652 <filename>inetd.conf</filename>. &merged;</para>
1653
1654 <para>A flaw in the implementation of the &man.ipfw.8;
1655 <literal>me</literal> rules on point-to-point links has been
1656 corrected. Formerly, <literal>me</literal> filter rules would
1657 match the remote IP address of a point-to-point interface in
1658 addition to the intended local IP address (see security advisory
1659 FreeBSD-SA-01:53). &merged;</para>
1660
1661 <para>A vulnerability in &man.procfs.5;, which could allow a
1662 process to read sensitive information from another process's
1663 memory space, has been closed (see security advisory
1664 FreeBSD-SA-01:55). &merged;</para>
1665
1666 <para>The <literal>PARANOID</literal> hostname checking in
1667 <application>tcp_wrappers</application> now works as advertised
1668 (see security advisory FreeBSD-SA-01:56). &merged;</para>
1669
1670 <para>A local root exploit in &man.sendmail.8; has been closed
1671 (see security advisory FreeBSD-SA-01:57). &merged;</para>
1672
1673 <para>A remote root vulnerability in &man.lpd.8; has been closed
1674 (see security advisory FreeBSD-SA-01:58). &merged;</para>
1675
1676 <para>A race condition in &man.rmuser.8; that briefly exposed a
1677 world-readable <filename>/etc/master.passwd</filename> has been
1678 fixed (see security advisory FreeBSD-SA-01:59). &merged;</para>
1679
1680 <para>A vulnerability in <application>UUCP</application> has been
1681 closed (see security advisory FreeBSD-SA-01:62). All
1682 non-<username>root</username>-owned binaries in standard system
1683 paths now have the <literal>schg</literal> flag set to prevent
1684 exploit vectors when run by &man.cron.8;, by
1685 <username>root</username>, or by a user other then the one owning
1686 the binary. In addition, &man.uustat.1; is now run via
1687 <filename>/etc/periodic/daily/410.status-uucp</filename> as
1688 <username>uucp</username>, not <username>root</username>. In
1689 &os; -CURRENT, <application>UUCP</application> has since been
1690 moved to the Ports Collection and no longer a part of the base
1691 system. &merged;</para>
1692
1693 <para role="historic">A security hole in the form of a buffer overflow in the
1694 &man.semop.2; system call has been closed. &merged;</para>
1695
1696 <para>A security hole in <application>OpenSSH</application>, which
1697 could allow users to execute code with arbitrary privileges if
1698 <literal>UseLogin yes</literal> was set, has been closed. Note
1699 that the default value of this setting is
1700 <literal>UseLogin no</literal>. (See security advisory
1701 FreeBSD-SA-01:63.) &merged;</para>
1702
1703 <para>The use of an insecure temporary directory by
1704 &man.pkg.add.1; could permit a local attacker to modify the
1705 contents of binary packages while they were being installed.
1706 This hole has been closed. (See security advisory
1707 FreeBSD-SA-02:01.) &merged;</para>
1708
1709 <para>A race condition in &man.pw.8;, which could expose the
1710 contents of <filename>/etc/master.passwd</filename>, has been
1711 eliminated. (See security advisory FreeBSD-SA-02:02.)
1712 &merged;</para>
1713
1714 <para>A bug in &man.k5su.8; could have allowed a process that had
1715 given up superuser privileges to regain them. This bug has been
1716 fixed. (See security advisory FreeBSD-SA-02:07.)
1717 &merged;</para>
1718
1719 <para>An <quote>off-by-one</quote> bug has been fixed in
1720 <application>OpenSSH</application>'s multiplexing code. This bug
1721 could have allowed an authenticated remote user to cause
1722 &man.sshd.8; to execute arbitrary code with superuser
1723 privileges, or allowed a malicious SSH server to execute arbitrary
1724 code on the client system with the privileges of the client user. (See security
1725 advisory <ulink
1726 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.)
1727 &merged;</para>
1728
1729 <para>A programming error in <application>zlib</application> could
1730 result in attempts to free memory multiple times. The
1731 &man.malloc.3;/&man.free.3; routines used in &os; are not
1732 vulnerable to this error, but applications receiving
1733 specially-crafted blocks of invalid compressed data could
1734 be made to function incorrectly or abort. This
1735 <application>zlib</application> bug has been fixed. For a
1736 workaround and solutions, see security advisory <ulink
1737 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc">FreeBSD-SA-02:18</ulink>.
1738 &merged;</para>
1739
1740 <para>Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN
1741 cookie (<quote>syncookie</quote>) implementations, which could
1742 cause legitimate TCP/IP traffic to crash a machine, have been
1743 fixed. For a workaround and patches, see security advisory
1744 <ulink
1745 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc">FreeBSD-SA-02:20</ulink>.
1746 &merged;</para>
1747
1748 <para>A routing table memory leak, which could allow a remote
1749 attacker to exhaust the memory of a target machine, has been
1750 fixed. A workaround and patches can be found in security
1751 advisory <ulink
1752 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc">FreeBSD-SA-02:21</ulink>.
1753 &merged;</para>
1754
1755 <para>A bug with memory-mapped I/O, which could cause a system
1756 crash, has been fixed. For more information about a solution,
1757 see security advisory <ulink
1758 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc">FreeBSD-SA-02:22</ulink>.
1759 &merged;</para>
1760
1761 <para>A security hole, in which SUID programs could be made to
1762 read from or write to inappropriate files through manipulation
1763 of their standard I/O file descriptors, has been fixed.
1764 Information regarding a solution can be found in security
1765 advisory <ulink
1766 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>.
1767 &merged;</para>
1768
1769 <para>Some unexpected behavior could be allowed with &man.k5su.8;
1770 because it does not require that an invoking user be a member of
1771 the <groupname>wheel</groupname> group when attempting to become
1772 the superuser (this is the case with &man.su.1;). To avoid this
1773 situation, &man.k5su.8; is now installed non-SUID by default
1774 (effectively disabling it). More information can be found in
1775 security advisory <ulink
1776 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>.
1777 &merged;</para>
1778
1779 <para>Multiple vulnerabilities were found in the &man.bzip2.1;
1780 utility, which could allow files to be overwritten without
1781 warning or allow local users unintended access to files. These
1782 problems have been corrected with a new import of
1783 <application>bzip2</application>. For more information, see
1784 security advisory <ulink
1785 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>.
1786 &merged;</para>
1787
1788 <para>A bug has been fixed in the implementation of the TCP SYN
1789 cache (<quote>syncache</quote>), which could allow a remote
1790 attacker to deny access to a service when accept filters
1791 (see &man.accept.filter.9;) were in use. This bug has been
1792 fixed; for more information, see security advisory <ulink
1793 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>.
1794 &merged;</para>
1795
1796 <para>Due to a bug in &man.rc.8;'s use of shell globbing, users
1797 may be able to remove the contents of arbitrary files if
1798 <filename>/tmp/.X11-unix</filename> does not exist and the
1799 system can be made to reboot. This bug has been corrected (see
1800 security advisory <ulink
1801 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>).
1802 &merged;</para>
1803
1804 </sect2>
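Review bot: several wording errors in the security entries should be fixed before this text is carried forward. The &man.timed.8; and &man.rwhod.8; entries both say "crash if send certain malformed packets" (should be "if sent"); the UUCP entry has "a user other then the one owning the binary" (should be "than") and "moved to the Ports Collection and no longer a part of the base system" (missing "is"); the tcp_seq_genscheme entry has no space in "variable.&merged;"; and the FreeBSD-SA-02:26 entry states "has been fixed" twice in one sentence pair. For consistency, consider also giving the advisories before FreeBSD-SA-02:13 the same <ulink> treatment as the later ones, since readers of this section will want to reach the advisory text directly.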
1805
1806 <sect2 id="userland">
1807 <title>Userland Changes</title>
1808
1809 <para role="historic">If the first argument to &man.ancontrol.8; or
1810 &man.wicontrol.8; doesn't start with a <literal>-</literal>, it
1811 is assumed to be an interface. &merged;</para>
1812
1813 <para role="historic">&man.apmd.8; now has the ability to monitor battery levels
1814 and execute commands based on percentage or minutes of battery
1815 life remaining via the <literal>apm_battery</literal>
1816 configuration directive. See the commented-out examples in
1817 <filename>/etc/apmd.conf</filename> for the
1818 syntax. &merged;</para>
1819
1820 <para role="historic">&man.arp.8; now prints the applicable interface name for
1821 each ARP entry. &merged;</para>
1822
1823 <para>&man.arp.8; now prints <literal>[fddi]</literal> or
1824 <literal>[atm]</literal> tags for addresses on interfaces of
1825 those types.</para>
1826
1827 <para>The &man.asa.1; utility, to interpret FORTRAN
1828 carriage-control characters, has been added.</para>
1829
1830 <para>&man.at.1; now supports the <option>-r</option> command-line
1831 option to remove jobs and the <option>-t</option> option to
1832 specify times in POSIX time format.</para>
1833
1834 <para role="historic">&man.atacontrol.8; has been added to control various aspects
1835 of the &man.ata.4; driver. &merged;</para>
1836
1837 <para>The system &man.awk.1; now refers to
1838 <application>BWK awk</application>. <application>GNU
1839 awk</application> is now available as &man.gawk.1;.</para>
1840
1841 <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager
1842 installation and configuration utility, has been
1843 added. &merged;</para>
1844
1845 <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for
1846 multisession mode (the default behavior now is to close disks as
1847 single-session). A <option>-l</option> option to take a list of
1848 image files from a filename was also added;
1849 <filename>-</filename> can be used as a filename for
1850 <literal>stdin</literal>. &merged;</para>
1851
1852 <para>&man.burncd.8; now supports Disk At Once (DAO) mode,
1853 selectable via the <option>-d</option> flag.</para>
1854
1855 <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para>
1856
1857 <para role="historic">&man.c89.1; has been converted from a shell script to a
1858 binary executable, fixing some minor bugs. &merged;</para>
1859
1860 <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is
1861 now available on the installation floppy. This allows it to
1862 rescan for devices that have been connected after booting, or to
1863 show the devices attached to SCSI busses (e. g. from within the
1864 <quote>emergency holographic shell</quote>). &merged;</para>
1865
1866 <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain
1867 sockets. &merged;</para>
1868
1869 <para>&man.catman.1; is now a C program, instead of a
1870 Perl script.</para>
1871
1872 <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal>
1873 command, which calculates and displays the CD serial number,
1874 using the same algorithm used by the CDDB
1875 database. &merged;</para>
1876
1877 <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar>
1878 environment variable to pick a default device. &merged;</para>
1879
1880 <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and
1881 <literal>prev</literal> commands to skip forwards or backwards a
1882 specified number of tracks while playing an audio
1883 CD. &merged;</para>
1884
1885 <para>On ATAPI CDROM drives, &man.cdcontrol.1; now supports a
1886 <literal>speed</literal> command to set the maximum speed to be
1887 used by the drive. &merged;</para>
1888
1889 <para>&man.chflags.1; has moved from <filename>/usr/bin</filename>
1890 to <filename>/bin</filename>.</para>
1891
1892 <para role="historic">&man.chio.1; now has the ability to specify elements by
1893 volume tag instead of by their physical location as well as the
1894 ability to return an element to its previous
1895 location. &merged;</para>
1896
1897 <para>&man.chmod.1; now supports a <option>-h</option> for
1898 changing the mode of a symbolic link.</para>
1899
1900 <para role="historic">&man.chown.8; now correctly follows symbolic links named as
1901 command line arguments if run without
1902 <option>-R</option>. &merged;</para>
1903
1904 <para>&man.chown.8; no longer takes <literal>.</literal> as a
1905 user/group delimeter. This change was made to support usernames
1906 containing a <literal>.</literal>.</para>
1907
1908 <para>Use of the <literal>CSMG_*</literal> macros no longer
1909 require inclusion of
1910 <filename>&lt;sys/param.h&gt;</filename></para>
1911
1912 <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force
1913 unknown control sequences to be passed through
1914 unchanged. &merged;</para>
1915
1916 <para role="historic">The <filename>compat3x</filename> distribution has been
1917 updated to include libraries present in &os;
1918 3.5.1-RELEASE. &merged;</para>
1919
1920 <para>A <filename>compat4x</filename> distribution has been added
1921 for compatibility with &os; 4-STABLE.</para>
1922
1923 <para role="historic">&man.config.8; is now better about converting various
1924 warnings that should have been errors into actual fatal errors
1925 with an exit code. This ensures that <literal>make
1926 buildkernel</literal> doesn't quietly ignore them and build a
1927 bogus kernel without a human to read the errors. &merged;</para>
1928
1929 <para role="historic">A number of buffer overflows in &man.config.8; have been
1930 fixed. &merged;</para>
1931
1932 <para>A new &man.csplit.1; utility, which splits files based on
1933 context, has been added.</para>
1934
1935 <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the
1936 source file used <literal>//</literal> (C++-style)
1937 comments. &merged;</para>
1938
1939 <para>The &man.daemon.8; program, a command-line interface to
1940 &man.daemon.3;, has been added. It detaches itself from its
1941 controlling terminal and executes a program specified on the
1942 command line. This allows the user to run an arbitrary program
1943 as if it were written to be a daemon.</para>
1944
1945 <para>&man.devinfo.8;, a simple tool to print the device tree and resource
1946 usage by devices, has been added.</para>
1947
1948 <para role="historic">&man.df.1; now takes a <option>-l</option> option to only
1949 display information about locally-mounted
1950 filesystems. &merged;</para>
1951
1952 <para role="historic">&man.disklabel.8; now supports partition sizes expressed in
1953 kilobytes, megabytes, or gigabytes, in addition to
1954 sectors. &merged;</para>
1955
1956 <para>diskpart(8) has been declared obsolete, and has been
1957 removed.</para>
1958
1959 <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show
1960 the entire message buffer, including &man.syslogd.8; records and
1961 <filename>/dev/console</filename> output. &merged;</para>
1962
1963 <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag
1964 to ignore/skip files and subdirectories matching a specified
1965 shell-glob mask. &merged;</para>
1966
1967 <para role="historic">&man.dump.8; now supports inheritance of the
1968 <literal>nodump</literal> flag down a hierarchy. &merged;</para>
1969
1970 <para role="historic">The <option>-T</option> option to &man.dump.8; no longer
1971 swallows an extra argument. &merged;</para>
1972
1973 <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing
1974 the path to the <filename>/etc/dumpdates</filename> file to be
1975 changed. &merged;</para>
1976
1977 <para role="historic">&man.dump.8; now supplies progress information in its
1978 process title, useful for monitoring automated
1979 backups. &merged;</para>
1980
1981 <para>&man.dump.8; now supports a new <option>-S</option> flag to allow
1982 it to just print out the dump size estimates and exit.</para>
1983
1984 <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to
1985 allow limiting the prototype quota distribution (specified with
1986 <option>-p</option>) to a single filesystem. &merged;</para>
1987
1988 <para role="historic"><filename>/etc/rc.firewall</filename> and
1989 <filename>/etc/rc.firewall6</filename> will no longer add their own
1990 hardcoded rules in the cases of a rules file in the
1991 <varname>firewall_type</varname> variable or a non-existent
1992 firewall type. (The motivation for this change is to avoid
1993 acting on assumptions about a site's firewall policies.) In
1994 addition, the <literal>closed</literal> firewall type now works
1995 as documented in the &man.rc.firewall.8; manual page. &merged;</para>
1996
1997 <para role="historic">The functionality of <filename>/etc/security</filename> has
1998 been been moved into a set of scripts under the &man.periodic.8;
1999 framework, to make local customization easier and more
2000 maintainable. These scripts now reside in
2001 <filename>/etc/periodic/security/</filename>. &merged;</para>
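Review bot: The `/etc/security` paragraph reads "has been been moved" across lines 1997-1998, with "been" doubled over the line break. Drop one "been" so the sentence reads "has been moved into a set of scripts under the &man.periodic.8; framework".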
2002
2003 <para>&man.expr.1; is now compliant with the POSIX Utility Syntax
2004 Guidelines. Some programs depend on the old, historic behavior
2005 (the <filename role="package">devel/libtool</filename>
2006 port/package was/is a notable example). In these situations,
2007 the <envar>EXPR_COMPAT</envar> environment variable can be
2008 defined, which causes &man.expr.1; to behave more like previous
2009 versions.</para>
2010
2011 <para>&man.fbtab.5; now accepts glob matching patterns for target
2012 devices, not just individual devices and directories.</para>
2013
2014 <para arch="i386">&man.fdisk.8; no longer attempts to search for a
2015 device if none has been specified on the command line, but
2016 instead tries to figure out the default device name from the
2017 root device.</para>
2018
2019 <para>&man.fdread.1;, a program to read data from floppy disks,
2020 has been added. It is a counterpart to &man.fdwrite.1; and is
2021 designed to provide a means of recovering at least some data
2022 from bad media, and to obviate for a complex invocation of
2023 &man.dd.1;.</para>
2024
2025 <para role="historic">&man.find.1; now takes the <option>-empty</option> flag,
2026 which returns true if a file or directory is
2027 empty. &merged;</para>
2028
2029 <para role="historic">&man.find.1; now takes the <option>-iname</option> and
2030 <option>-ipath</option> primaries for case-insensitive matches,
2031 and the <option>-regexp</option> and <option>-iregexp</option>
2032 primaries for regular-expression matches. The
2033 <option>-E</option> flag now enables extended regular
2034 expressions. &merged;</para>
2035
2036 <para role="historic">&man.find.1; now has the <option>-anewer</option>,
2037 <option>-cnewer</option>, <option>-mnewer</option>,
2038 <option>-okdir</option>, and <option>-newer[acm][acmt]</option>
2039 primaries for comparisons of file timestamps. The latter
2040 primaries can be specified with various units of
2041 time. &merged;</para>
2042
2043 <para role="historic">&man.finger.1; now has the ability to support fingering
2044 aliases, via the &man.finger.conf.5; file. &merged;</para>
2045
2046 <para>&man.finger.1; now has support for a
2047 <filename>.pubkey</filename> file.</para>
2048
2049 <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number
2050 of bugs compared to its prior behavior. &merged;</para>
2051
2052 <para role="historic">&man.fmtcheck.3;, a function for checking consistency of
2053 format string arguments, has been added. &merged;</para>
2054
2055 <para>&man.fold.1; now supports a <option>-b</option> flag to
2056 break at byte positions and a <option>-s</option> flag to break at
2057 word boundaries.</para>
2058
2059 <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal>
2060 command to list the blocks allocated by a particular
2061 inode. &merged;</para>
2062
2063 <para>&man.fsck.8; wrappers have been imported; this feature
2064 provides infrastructure for &man.fsck.8; to work on different
2065 types of filesystems (analogous to &man.mount.8;).</para>
2066
2067 <para>The behavior of &man.fsck.8; when dealing with various
2068 passes (a la <filename>/etc/fstab</filename>) has been modified
2069 to accommodate multiple-disk filesystems.</para>
2070
2071 <para>&man.fsck.8; now has support for foreground
2072 (<option>-F</option>) and background (<option>-B</option>)
2073 checks. Traditionally, &man.fsck.8; is invoked before the
2074 filesystems are mounted and all checks are done to completion at
2075 that time. If background checking is available, &man.fsck.8; is
2076 invoked twice. It is first invoked at the traditional time,
2077 before the filesystems are mounted, with the <option>-F</option>
2078 flag to do checking on all the filesystems that cannot do
2079 background checking. It is then invoked a second time, after
2080 the system has completed going multiuser, with the
2081 <option>-B</option> flag to do checking on all the filesystems
2082 that can do background checking. Unlike the foreground
2083 checking, the background checking is started asynchronously so
2084 that other system activity can proceed even on the filesystems
2085 that are being checked. Boot-time enabling of this feature is
2086 controlled by the
2087 <varname>background_fsck</varname> option in &man.rc.conf.5;.</para>
2088
2089 <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal>
2090 signal (normally control-T from the controlling tty),
2091 &man.fsck.ffs.8; will now output a line indicating the current
2092 phase number and progress information relevant to the current
2093 phase. &merged;</para>
2094
2095 <para>&man.fsck.ffs.8; now supports background filesystem checks
2096 to mounted FFS filesystems with the <option>-B</option> option
2097 (softupdates must be enabled on these filesystems). The
2098 <option>-F</option> flag now determines whether a specified
2099 filesystem needs foreground checking.</para>
2100
2101 <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check
2102 the consistency of MS-DOS filesystems. &merged;</para>
2103
2104 <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for
2105 read-only mode and a <option>-E</option> flag to disable
2106 <literal>EPSV</literal>. It also has some fixes to reduce
2107 information leakage and the ability to specify compile-time port
2108 ranges. &merged;</para>
2109
2110 <para>&man.ftpd.8; now supports <option>-o</option> and
2111 <option>-O</option> options to disable the
2112 <literal>RETR</literal> command; the former for everybody, and
2113 the latter only for guest users. Coupled with
2114 <option>-A</option> and appropriate file permissions, these can
2115 be used to create a relatively safe anonymous FTP drop box for
2116 others to upload to.</para>
2117
2118 <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware
2119 watchpoints (using the kernel's debug register + support that
2120 has been introduced in &os; 4.0). &merged;</para>
2121
2122 <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library
2123 functions have been added to manipulate the name of the current
2124 program. They are used by error-reporting routines to produce
2125 consistent output. &merged;</para>
2126
2127 <para>&man.gprof.1; now has a <option>-K</option> option to enable
2128 dynamic symbol resolution from the currently-running kernel.
2129 With this change, properly-compiled KLD modules are now able to
2130 be profiled.</para>
2131
2132 <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has
2133 been added. &man.ffsinfo.8;, a utility for dump all the
2134 meta-information of an existing filesystem, has also been
2135 added. &merged;</para>
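Review bot: The &man.ffsinfo.8; sentence on lines 2133-2134 says "a utility for dump all the meta-information", which is ungrammatical. Change it to "a utility for dumping all the meta-information of an existing filesystem".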
2136
2137 <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now
2138 unnecessary; their functionality has been completely folded into
2139 &man.id.1;. &merged;</para>
2140
2141 <para>The ibcs(8), linux(8), osf1(8), and
2142 svr4(8) scripts, whose sole purpose was to load emulation
2143 kernel modules, have been removed. The kernel module system
2144 will automatically load them as needed to fulfill
2145 dependencies.</para>
2146
2147 <para role="historic">&man.indent.1; has gained some new formatting
2148 options. &merged;</para>
2149
2150 <para role="historic">&man.ifconfig.8; can set the link-layer address of
2151 an interface using the <option>link</option> parameter.
2152 &merged;</para>
2153
2154 <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR
2155 notation. &merged;</para>
2156
2157 <para role="historic">&man.ifconfig.8; now has support for setting parameters for
2158 IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4;
2159 devices are supported, and partial support is provided for
2160 &man.awi.4; devices. &merged;</para>
2161
2162 <para role="historic">&man.ifconfig.8; no longer displays the list of supported
2163 media by default. Instead it displays it when the
2164 <option>-m</option> flag is given. &merged;</para>
2165
2166 <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is
2167 now compatible with that of other BSDs. &merged;</para>
2168
2169 <para role="historic">The <literal>ident</literal> protocol support in
2170 &man.inetd.8; has been cleaned up and updated. &merged;</para>
2171
2172 <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain
2173 sockets. &merged;</para>
2174
2175 <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at
2176 boot-time, although &man.sysinstall.8; gives the option of
2177 enabling it during binary installations. &man.inetd.8; can also
2178 be enabled by adding the following line to
2179 <filename>/etc/rc.conf</filename>:</para>
2180
2181 <programlisting>inetd_enable="YES"</programlisting>
2182
2183 <para role="historic">&man.install.1; has a number of new features, including the
2184 <option>-b</option> and <option>-B</option> options for backing up
2185 existing target files and the <option>-S</option> option for
2186 <quote>safe</quote> (atomic copy) operation. The
2187 <option>-c</option> (copy) flag is now the default, and the
2188 <option>-D</option> (debugging) flag has been withdrawn.
2189 &man.install.1; now issues a warning if <option>-d</option>
2190 (create directories) and <option>-C</option> (copy changed files
2191 only) are used together. &merged;</para>
2192
2193 <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time
2194 configuration and initialization. &merged;</para>
2195
2196 <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option
2197 to turn on a &man.top.1;-like display. &merged;</para>
2198
2199 <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall
2200 rules unless the <option>-d</option> flag is passed to it. The
2201 <option>-e</option> option lists expired dynamic
2202 rules. &merged;</para>
2203
2204 <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that
2205 allows for packet matching on interfaces with
2206 dynamically-changing IP addresses. &merged;</para>
2207
2208 <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of
2209 firewall rule, which limits the number of sessions between
2210 address pairs. &merged;</para>
2211
2212 <para>&man.ipfw.8; filter rules can now match on the value of the
2213 IPv4 precedence field.</para>
2214
2215 <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and
2216 use the <option>-q</option> (quiet) flag when reading from a
2217 file. &merged;</para>
2218
2219 <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality
2220 has been folded into &man.spppcontrol.8;. &merged;</para>
2221
2222 <para role="historic">&man.k5su.8; is no longer installed SUID
2223 <username>root</username> by default. Users requiring this
2224 feature can either manually change the permissions on the
2225 &man.k5su.8; executable or add
2226 <literal>ENABLE_SUID_K5SU=yes</literal> to
2227 <filename>/etc/make.conf</filename> before a source
2228 upgrade. &merged;</para>
2229
2230 <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has
2231 been added. &merged;</para>
2232
2233 <para>&man.kenv.1; now has the ability to set or delete kernel
2234 environment variables.</para>
2235
2236 <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl
2237 script. &merged;</para>
2238
2239 <para>The kget(8) utility has been removed (it was only
2240 useful for UserConfig, which is not present in &os;
2241 &release.current;).</para>
2242
2243 <para role="historic">&man.killall.1; is now a C program, rather than a Perl
2244 script. As a result, its <option>-m</option> option now uses
2245 the regular expression syntax of &man.regex.3;, rather than that
2246 of Perl. &merged;</para>
2247
2248 <para>&man.killall.1; no longer tries to kill zombie processes
2249 unless the <option>-z</option> flag is specified.</para>
2250
2251 <para role="historic">The &man.kldconfig.8; utility has been added to make it
2252 easier to manipulate the kernel module search
2253 path. &merged;</para>
2254
2255 <para>ktrdump, a utility to dump the ktr trace buffer from
2256 userland, has been added.</para>
2257
2258 <para role="historic">&man.last.1; now implements a <option>-d</option> that
2259 provides a <quote>snapshot</quote> of who was logged in at a
2260 particular date and time. &merged;</para>
2261
2262 <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which
2263 causes the year to be included in the session start time. &merged;</para>
2264
2265 <para role="historic">The &man.lastlogin.8; utility, which prints the last login
2266 time of each user, has been imported from
2267 NetBSD. &merged;</para>
2268
2269 <para role="historic">&man.ldconfig.8; now checks directory ownerships and
2270 permissions for greater security; these checks can be disabled
2271 with the <option>-i</option> flag. &merged;</para>
2272
2273 <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition
2274 to executables. &merged;</para>
2275
2276 <para>&man.ldd.1; now supports a <option>-a</option> flag to list
2277 all the objects that are needed by each loaded object.</para>
2278
2279 <para><filename>libc</filename> is now thread-safe by default;
2280 <filename>libc_r</filename> contains only thread
2281 functions.</para>
2282
2283 <para role="historic"><filename>libcrypt</filename> and
2284 <filename>libdescrypt</filename> have been unified to provide a
2285 configurable password authentication hash library. Both the md5
2286 and des hash methods are provided unless the des hash is
2287 specifically compiled out. &merged;</para>
2288
2289 <para role="historic"><filename>libcrypt</filename> now has support for Blowfish
2290 password hashing. &merged;</para>
2291
2292 <para arch="i386" role="historic"><filename>libdisk</filename> can now do
2293 install-time configuration of the <filename>boot0</filename>
2294 boot loader. &merged;</para>
2295
2296 <para role="historic"><filename>libstand</filename> now has support for
2297 filesystems containing
2298 <application>bzip2</application>-compressed
2299 files. &merged;</para>
2300
2301 <para><filename>libstand</filename> now has support for
2302 overwriting the contents of a file on a UFS filesystem (it
2303 cannot expand or truncate files because the filesystem may be
2304 dirty or inconsistent).</para>
2305
2306 <para role="historic"><filename>libstand</filename> now has support for loading
2307 large kernels and modules split across several physical
2308 media. &merged;</para>
2309
2310 <para role="historic">The default TCP port range used by
2311 <filename>libfetch</filename> for passive FTP retrievals has
2312 changed; this affects the behavior of &man.fetch.1;, which has
2313 gained the <option>-U</option> option to restore the old
2314 behavior. &merged;</para>
2315
2316 <para role="historic"><filename>libfetch</filename> now has support for an
2317 authentication callback. &merged;</para>
2318
2319 <para role="historic"><filename>libfetch</filename> now has support for a
2320 <envar>HTTP_USER_AGENT</envar> environment
2321 variable. &merged;</para>
2322
2323 <para><filename>libgmp</filename> has been superceded by
2324 <filename>libmp</filename>.
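Review bot: The `libgmp` paragraph opened on line 2323 has no closing `</para>`. Line 2324 ends at `<filename>libmp</filename>.` and the next `<para>` opens on line 2326, whereas every other paragraph in this part of the file closes its tag explicitly. Add `</para>` after `<filename>libmp</filename>.` and, while editing the line, correct "superceded" to "superseded".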
2325
2326 <para>The functions from <filename>libposix1e</filename> have been
2327 integrated into <filename>libc</filename>.</para>
2328
2329 <para role="historic"><filename>libusb</filename> has been renamed as
2330 <filename>libusbhid</filename>, following NetBSD's naming
2331 conventions. &merged;</para>
2332
2333 <para role="historic">&man.ln.1; now takes an <option>-i</option> option to
2334 request user confirmation before overwriting an existing
2335 file. &merged;</para>
2336
2337 <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid
2338 following a target that is a link, with a <option>-n</option>
2339 flag for compatibility with other
2340 implementations. &merged;</para>
2341
2342 <para role="historic">&man.logger.1; can now send messages directly to a remote
2343 syslog. &merged;</para>
2344
2345 <para role="historic">&man.login.1; now exports environment variables set by
2346 <application>PAM</application> modules. &merged;</para>
2347
2348 <para role="historic">&man.lpc.8; has been improved; <command>lpc clean</command>
2349 is now somewhat safer, and a new <command>lpc tclean</command>
2350 command has been added to check to see what files would be
2351 removed by <command>lpc clean</command>. &merged;</para>
2352
2353 <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option>
2354 will log all connection errors to &man.syslogd.8;, while
2355 <option>-W</option> will allow connections from non-reserved
2356 ports. &merged;</para>
2357
2358 <para role="historic">&man.lpd.8; now has some support for
2359 <literal>o</literal>-type print-file actions in its control
2360 files, which allows printing of PostScript files generated by
2361 <application>MacOS</application> 10.1. &merged;</para>
2362
2363 <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as
2364 the preferred synonym for <option>-p</option> (these flags
2365 cause &man.lpd.8; not to open a socket for network print
2366 jobs). &merged;</para>
2367
2368 <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal>
2369 printcap option. When specified in a print queue for a remote
2370 host, boolean option causes &man.lpd.8; to resend the data file
2371 for each copy the user requested via <command>lpr
2372 -#<replaceable>n</replaceable></command>. &merged;</para>
2373
2374 <para role="historic">Catching up with most other network utilities in the base
2375 system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
2376 &man.logger.1; are now all IPv6-capable. &merged;</para>
2377
2378 <para role="historic"><command>lprm -</command> now works for remote printer
2379 queues. &merged;</para>
2380
2381 <para role="historic">&man.ls.1; can produce colorized listings with the
2382 <option>-G</option> flag (and appropriate terminal support).
2383 The <envar>CLICOLOR</envar> environment variable can be set to
2384 enable colorized listings by default. &merged;</para>
2385
2386 <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which
2387 when combined with the <option>-l</option> flag, causes file
2388 sizes to be printed with unit suffixes, such that the number of
2389 digits printed is fewer than four. &merged;</para>
2390
2391 <para>The &man.ls.1; program now supports a <option>-m</option>
2392 flag to list files across a page, a <option>-p</option> flag to
2393 force printing of a <literal>/</literal> after directories, and
2394 a <option>-x</option> flag to sort filenames across a
2395 page.</para>
2396
2397 <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause
2398 it to emit <literal>#line</literal> directives for use by
2399 &man.cpp.1;. &merged;</para>
2400
2401 <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid
2402 sending messages with empty bodies. &merged;</para>
2403
2404 <para role="historic">&man.make.1; has gained the <literal>:C///</literal>
2405 (regular expression substitution), <literal>:L</literal>
2406 (lowercase), and <literal>:U</literal> (uppercase) variable
2407 modifiers. These were added to reduce the differences between
2408 the &os; and OpenBSD/NetBSD &man.make.1; programs.
2409 &merged;</para>
2410
2411 <para role="historic">Bugs in &man.make.1;, among which include broken null suffix
2412 behavior, bad assumptions about current directory permissions,
2413 and potential buffer overflows, have been fixed. &merged;</para>
2414
2415 <para role="historic">The new <varname>CPUTYPE</varname>
2416 <filename>make.conf</filename> variable controls the compilation
2417 of processor-specific optimizations in various pieces of code
2418 such as <application>OpenSSL</application>. &merged;</para>
2419
2420 <para role="historic">The &os; <filename>Makefile</filename> infrastructure now
2421 supports the <varname>WARNS</varname> directive from NetBSD.
2422 This directive controls the addition of compiler warning flags
2423 to <varname>CFLAGS</varname> in a relatively compiler-neutral
2424 manner. &merged;</para>
2425
2426 <para>&man.makewhatis.1; is now a C program, instead of a
2427 Perl script.</para>
2428
2429 <para>&man.man.1; is no longer installed SUID
2430 <username>man</username>, in order to reduce vulnerabilities
2431 associated with generating <quote>catpages</quote> (preformatted
2432 manual pages cached for repeated viewing). As a result,
2433 &man.man.1; can no longer create system catpages on a regular
2434 user's behalf. It is still able to do so if the user has write
2435 permissions to the directory holding catpages (e.g. a user's own
2436 manpages) or if the running user is
2437 <username>root</username>.</para>
2438
2439 <para>The &man.mdmfs.8; command has been added; it is a wrapper
2440 around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
2441 &man.mount.8; that mimics the command line option set of the
2442 deprecated &man.mount.mfs.8;.</para>
2443
2444 <para role="historic">&man.mergemaster.8; now sources an
2445 <filename>/etc/mergemaster.rc</filename> file and also prompts
2446 the user to run recommended commands (such as
2447 <command>newaliases</command>) as needed. &merged;</para>
2448
2449 <para role="historic">&man.mergemaster.8; now supports two new flags.
2450 The <option>-p</option> flag enables a
2451 <quote>pre-<literal>buildworld</literal></quote> mode to files
2452 known to be essential to the success of the
2453 <literal>buildworld</literal> and
2454 <literal>installworld</literal> system updating steps. The
2455 <option>-C</option> flag, used after a successful
2456 &man.mergemaster.8; run, compares options in
2457 <filename>/etc/rc.conf</filename> to the default options in
2458 <filename>/etc/defaults/rc.conf</filename>. &merged;</para>
2459
2460 <para role="historic">mk_cmds(1) and the associated
2461 <filename>libss</filename> have been removed; they have been
2462 unused for quite some time. &merged;</para>
2463
2464 <para role="historic">&man.moused.8; now takes a <option>-a</option> option to
2465 control mouse acceleration. &merged;</para>
2466
2467 <para role="historic">&man.mtree.8; now includes support for a file that lists
2468 pathnames to be excluded when creating and verifying prototypes.
2469 This makes it easier to use &man.mtree.8; as a part of an
2470 intrusion-detection system. &merged;</para>
2471
2472 <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> to
2473 automatically answer <quote>no</quote> when it would ask to
2474 overwrite a file.</para>
2475
2476 <para role="historic">&man.natd.8; now supports a
2477 <option>-log_ipfw_denied</option> option to log packets that
2478 cannot be re-injected because they are blocked by &man.ipfw.8;
2479 rules. &merged;</para>
2480
2481 <para role="historic">The <quote>in use</quote> percentage metric displayed by
2482 &man.netstat.1; now really reflects the percentage of network
2483 mbufs used. &merged;</para>
2484
2485 <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that
2486 tells it not to truncate addresses, even if they're too long for
2487 the column they're printed in. &merged;</para>
2488
2489 <para role="historic">&man.netstat.1; now keeps track of input and output packets
2490 on a per-address basis for each interface. &merged;</para>
2491
2492 <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset
2493 statistics. &merged;</para>
2494
2495 <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print
2496 address numerically but port names symbolically. &merged;</para>
2497
2498 <para role="historic">&man.newfs.8; now implements write combining, which can make
2499 creation of new filesystems up to seven times
2500 faster. &merged;</para>
2501
2502 <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to
2503 enable softupdates on a new filesystem. &merged;</para>
2504
2505 <para role="historic">The default number of cylinders per group in &man.newfs.8;
2506 is now computed to be the maximum allowable given the current
2507 filesystem parameters. It can be overridden with the
2508 <option>-c</option> option. Formerly, the default was fixed at
2509 16. This change leads to better &man.fsck.8; performance and
2510 reduced fragmentation. &merged;</para>
2511
2512 <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and
2513 fragment sizes for new filesystems created by &man.newfs.8; are
2514 now 16384 and 2048 bytes, respectively (the old defaults were
2515 8192 and 1024 bytes). This change generally provides increased
2516 performance, at the expense of some wasted disk
2517 space. &merged;</para>
2518
2519 <para>A number of archaic features of &man.newfs.8; have been
2520 removed; these implement tuning features that are essentially
2521 useless on modern hard disks. These features were controlled by
2522 the <option>-O</option>, <option>-d</option>,
2523 <option>-k</option>, <option>-l</option>, <option>-n</option>,
2524 <option>-p</option>, <option>-r</option>, <option>-t</option>,
2525 and <option>-x</option> flags.</para>
2526
2527 <para role="historic">&man.newsyslog.8; now has the ability to compress log files
2528 using &man.bzip2.1;. &merged;</para>
2529
2530 <para><application>NFS</application> now works over IPv6.</para>
2531
2532 <para role="historic">&man.ngctl.8; now supports a <option>write</option> command
2533 to send a data packet down a given hook. &merged;</para>
2534
2535 <para role="historic">&man.nl.1;, a line numbering filter program, has been
2536 added. &merged;</para>
2537
2538 <para><application>nsswitch</application> support has been merged
2539 from NetBSD. By creating an &man.nsswitch.conf.5; file, &os;
2540 can be configured so that various databases such as
2541 &man.passwd.5; and &man.group.5; can be looked up using flat
2542 files, NIS, or Hesiod. The old
2543 <filename>hosts.conf</filename> file is no longer used.</para>
2544
2545 <para><application>PAM</application> support has been added for
2546 account management and sessions.</para>
2547
2548 <para><application>PAM</application> configuration is now
2549 specified by files in <filename>/etc/pam.d/</filename>, rather
2550 than a single <filename>/etc/pam.conf</filename> file.
2551 <filename>/etc/pam.d/README</filename> has more details.</para>
2552
2553 <para>A &man.pam.ftp.8; module has been added to allow
2554 authentication of anonymous FTP users.</para>
2555
2556 <para>A &man.pam.ftpusers.8; module has been added to perform
2557 checks against the &man.ftpusers.5; file.</para>
2558
2559 <para>A &man.pam.lastlog.8; module has been added to record
2560 sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5;
2561 databases.</para>
2562
2563 <para>A &man.pam.login.access.8; module has been added, to allow
2564 checking against <filename>/etc/login.access</filename>.</para>
2565
2566 <para>The &man.pam.nologin.8; module, which can disallow logins
2567 using &man.nologin.5;, has been added.</para>
2568
2569 <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have
2570 been added to control authentication via &man.opie.4;.</para>
2571
2572 <para>A &man.pam.passwdqc.8; module has been added, to check the
2573 quality of passwords submitted during password changes.</para>
2574
2575 <para>A &man.pam.rhosts.8; module has been added to support
2576 &man.rhosts.5; authentication.</para>
2577
2578 <para>The &man.pam.rootok.8; module, which can be used to
2579 authenticate only the superuser, has been added.</para>
2580
2581 <para>A &man.pam.securetty.8; module has been added to check the
2582 <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para>
2583
2584 <para>A &man.pam.self.8; module, which allows self-authentication
2585 of a user, has been added.</para>
2586
2587 <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of
2588 SSH passphrases and keypairs for authentication. This module
2589 also handles session management by invoking
2590 &man.ssh-agent.1;. &merged;</para>
2591
2592 <para>A &man.pam.wheel.8; module has been added to permit
2593 authentication to members of a group, which defaults to
2594 <groupname>wheel</groupname>.</para>
2595
2596 <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash
2597 algorithm at run time. See the <literal>passwd_format</literal>
2598 attribute in
2599 <filename>/etc/login.conf</filename>. &merged;</para>
2600
2601 <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line
2602 flag to read a patch from a file, rather than standard
2603 input. &merged;</para>
2604
2605 <para>The &man.pathchk.1; utility, which checks pathnames for
2606 validity or portability between POSIX systems, has been
2607 added.</para>
2608
2609 <para role="historic">&man.pax.1; has received a number of enhancements, including
2610 &man.cpio.1; functionality, &man.tar.1; compatibility
2611 enhancements, <option>-z</option> and <option>-Z</option> flags
2612 for &man.gzip.1; and &man.compress.1; functionality, and a
2613 number of bug fixes. &merged;</para>
2614
2615 <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to
2616 display the vendor/device information of configured devices, in
2617 conjunction with the <option>-l</option> option. The default
2618 vendor/device database can be found at
2619 <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para>
2620
2621 <para role="historic">The behavior of &man.periodic.8; is now controlled by
2622 <filename>/etc/defaults/periodic.conf</filename> and
2623 <filename>/etc/periodic.conf</filename>. &merged;</para>
2624
2625 <para role="historic">&man.ping.8; now supports a <option>-m</option> option to
2626 set the TTL of outgoing packets. &merged;</para>
2627
2628 <para role="historic">&man.ping.8; now supports a <option>-A</option> option to
2629 beep when packets are lost. &merged;</para>
2630
2631 <para role="historic">Userland &man.ppp.8; has received a number of updates and
2632 bug fixes. &merged;</para>
2633
2634 <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal>
2635 option, which adjusts outgoing and incoming TCP SYN packets so
2636 that the maximum receive segment size is no larger than allowed
2637 by the interface MTU. &merged;</para>
2638
2639 <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para>
2640
2641 <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is
2642 now installed mode <literal>4550</literal> and
2643 <username>root</username><literal>:</literal><groupname>dialer</groupname>,
2644 rather than mode <literal>4555</literal> (in other words, it is
2645 no longer world-executable). Users of &man.pppd.8; may need to
2646 change their group settings. &merged;</para>
2647
2648 <para role="historic">&man.pr.1; now supports the <option>-f</option> and
2649 <option>-p</option> flags to pause output going to a
2650 terminal. &merged;</para>
2651
2652 <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract
2653 information from a specified swap device) has been useless for
2654 some time; it has been removed. &merged;</para>
2655
2656 <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to
2657 resolve pathnames to their underlying physical
2658 paths. &merged;</para>
2659
2660 <para>&man.pwd.1; now supports the <option>-L</option> flag to
2661 print the logical current working directory.</para>
2662
2663 <para>The pseudo-random number generator implemented by
2664 &man.rand.3; has been improved to provide less biased
2665 results.</para>
2666
2667 <para role="historic">&man.rc.8; now has an framework for handling dependencies
2668 between &man.rc.conf.5; variables. &merged;</para>
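Review bot: Typo on line 2667 of the rc(8) entry: "now has an framework" should read "now has a framework". Since this revision already touches the file, the article can be corrected in the same pass.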
2669
2670 <para role="historic">&man.rc.8; now deletes all non-directory files in
2671 <filename>/var/run</filename> and
2672 <filename>/var/spool/lock</filename> at boot
2673 time. &merged;</para>
2674
2675 <para>&man.rcmd.3; now supports the use of the
2676 <envar>RSH</envar> environment variable to specify a program to
2677 use other than &man.rsh.1; for remote execution. As a result,
2678 programs such as &man.dump.8;, can use &man.ssh.1; for remote
2679 transport.</para>
2680
2681 <para>&man.rdist.1; has been retired from the base system, but is
2682 still available from &os; Ports Collection as
2683 <filename role="package">net/44bsd-rdist</filename>.</para>
2684
2685 <para role="historic">&man.reboot.8; now takes a <option>-k</option> to specify
2686 the next kernel to boot. &merged;</para>
2687
2688 <para>The &man.renice.8; command implements a <option>-n</option>
2689 option, which specifies an increment to be applied to the
2690 priority of a process.</para>
2691
2692 <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support,
2693 which will be necessary when working with IPv6 transport-ready
2694 resolvers/DNS servers. &merged;</para>
2695
2696 <para role="historic">The &man.rfork.thread.3; library call has been added as a
2697 helper function to &man.rfork.2;. Using this function should
2698 avoid the need to implement complex stack swap
2699 code. &merged;</para>
2700
2701 <para>The <option>-v</option> option to &man.rm.1; now displays
2702 the entire pathname of a file being removed.</para>
2703
2704 <para role="historic">&man.route.8; is now more verbose when changing indirect
2705 routes, in the case of a gateway route that is the same route as
2706 the one being modified. &merged;</para>
2707
2708 <para role="historic">&man.route.8; now uses
2709 <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal>
2710 syntax instead of
2711 <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal>
2712 syntax, for compatibility with &man.netstat.1;. &merged;</para>
2713
2714 <para role="historic">&man.route.8; can now create <quote>proxy only</quote>
2715 published ARP entries. &merged;</para>
2716
2717 <para role="historic">The &man.route.8; <option>add</option> command now supports
2718 the <option>-ifp</option> and <option>-ifa</option>
2719 modifiers. &merged;</para>
2720
2721 <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para>
2722
2723 <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename>
2724 (as on NetBSD), not
2725 <filename>/usr/libexec/cpp</filename>.</para>
2726
2727 <para>&man.rpc.lockd.8; has been imported from NetBSD. This
2728 daemon provides support for servicing client NFS locks.</para>
2729
2730 <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has
2731 been improved. &merged;</para>
2732
2733 <para role="historic">RSA Security has waived all patent rights to the
2734 <application>RSA</application> algorithm. As a result, the
2735 native <application>OpenSSL</application> implementation of the
2736 RSA algorithm is now activated by default, and the <filename
2737 role="package">security/rsaref</filename> port and the
2738 <filename>librsaUSA</filename> and
2739 <filename>librsaINTL</filename> libraries are no longer required
2740 for USA and non-USA residents respectively. &merged;</para>
2741
2742 <para>&man.rtld.1; will now print the names of all objects that
2743 cause each object to be loaded, if the
2744 <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment
2745 variable is defined.</para>
2746
2747 <para role="historic">&man.savecore.8; now supports a <option>-k</option> option
2748 to prevent clearing a crash dump after saving it. It also
2749 attempts to avoid writing large stretches of zeros to crash dump
2750 files to save space and time. &merged;</para>
2751
2752 <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB
2753 or more of RAM. &merged;</para>
2754
2755 <para>The &man.sccs.1; front-end to the Source Code Control System
2756 has been revived.</para>
2757
2758 <para role="historic">&man.sed.1; now takes a <option>-E</option> option for
2759 extended regular expression support. &merged;</para>
2760
2761 <para>&man.sed.1; now takes a <option>-i</option> option to enable
2762 in-place editing of files.</para>
2763
2764 <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to
2765 include a file into the <literal>Fix:</literal> section of a
2766 problem report. &merged;</para>
2767
2768 <para>The &man.setfacl.1; and &man.getfacl.1; commands have been
2769 added to manage filesystem Access Control Lists.</para>
2770
2771 <para role="historic">&man.setproctitle.3; has been moved from
2772 <filename>libutil</filename> to
2773 <filename>libc</filename>. &merged;</para>
2774
2775 <para role="historic">&man.sh.1; now implements <command>test</command> as a
2776 built-in command for improved efficiency. &merged;</para>
2777
2778 <para>&man.sh.1; no longer implements <command>printf</command> as
2779 a built-in command because it was considered less valuable
2780 compared to the other built-in commands (this functionality is,
2781 of course, still available through the &man.printf.1;
2782 executable).</para>
2783
2784 <para>&man.sh.1; now supports a <option>-C</option> option to
2785 prevent existing regular files from being overwritten by output
2786 redirection, and a <option>-u</option> to give an error if an
2787 unset variable is expanded.</para>
2788
2789 <para role="historic">&man.sockstat.1; now has <option>-c</option> and
2790 <option>-l</option> flags for listing connected and listening
2791 sockets, respectively. &merged;</para>
2792
2793 <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a
2794 Perl script.</para>
2795
2796 <para role="historic">&man.split.1; now has the ability to split a file longer
2797 than 2GB. &merged;</para>
2798
2799 <para>&man.split.1; now supports a <option>-a</option> option to
2800 specify the number of letters to use for the suffix of split
2801 files.</para>
2802
2803 <para>In preparation for meeting SUSv2/POSIX
2804 <filename>&lt;sys/select.h&gt;</filename> requirements,
2805 <literal>struct selinfo</literal> and related functions have been
2806 moved to <filename>&lt;sys/selinfo.h&gt;</filename>.</para>
2807
2808 <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of
2809 &man.strstr.3; have been implemented. &merged;</para>
2810
2811 <para role="historic">&man.stty.1; now has support for an
2812 <literal>erase2</literal> control character, so that, for
2813 example, both the <keycap>Delete</keycap> and
2814 <keycap>Backspace</keycap> keys can be used to erase
2815 characters. &merged;</para>
2816
2817 <para>&man.su.1; now uses <application>PAM</application> for
2818 authentication.</para>
2819
2820 <para role="historic">Boot-time &man.syscons.4; configuration was moved to a
2821 machine-independent
2822 <filename>/etc/rc.syscons</filename>. &merged;</para>
2823
2824 <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to
2825 print out variable names only. &merged;</para>
2826
2827 <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and
2828 <option>-X</option> options with <option>-ao</option> and
2829 <option>-ax</option> respectively; the former options are now
2830 deprecated. The <option>-w</option> option is deprecated as
2831 well; it is not needed to determine the user's
2832 intentions. &merged;</para>
2833
2834 <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to
2835 separate variable names and values by <literal>=</literal>
2836 rather than <literal>:</literal>. This feature is useful for
2837 producing output that can be fed back to
2838 &man.sysctl.8;. &merged;</para>
2839
2840 <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print
2841 the descriptions of variables.</para>
2842
2843 <para role="historic">&man.sysinstall.8; now properly preserves
2844 <filename>/etc/mail</filename> during a binary
2845 upgrade. &merged;</para>
2846
2847 <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults
2848 thanks to some new dialog support functions. &merged;</para>
2849
2850 <para>The default root partition in &man.sysinstall.8; is now
2851 100MB on the i386 and pc98, 120MB on the Alpha.</para>
2852
2853 <para>&man.sysinstall.8; now lives in
2854 <filename>/usr/sbin</filename>, which simplifies the
2855 installation process. The &man.sysinstall.8; manpage is also
2856 installed in a more consistent fashion now.</para>
2857
2858 <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a
2859 part of the installation. &merged;</para>
2860
2861 <para role="historic">When run from the installation media, &man.sysinstall.8;
2862 will automatically load any device drivers found in the
2863 <filename>/stand/modules</filename> directory of the
2864 <literal>mfsroot</literal> floppy or filesystem image. Note
2865 that any drivers so loaded will not appear in the kernel's boot
2866 messages; the &man.sysinstall.8; debugging screen will provide
2867 additional information. &merged;</para>
2868
2869 <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on
2870 all filesystems it creates, except for the root
2871 filesystem. &merged;</para>
2872
2873 <para role="historic">&man.sysinstall.8; has received updates for its
2874 <quote>auto</quote> partitioning mode which provide more
2875 reasonable defaults for the sizes of partitions that are
2876 created; auto-sized partitions can now also recover the space
2877 that becomes available when other partitions are
2878 deleted. &merged;</para>
2879
2880 <para>&man.sysinstall.8; no longer mounts the &man.procfs.5;
2881 filesystem by default on new installs.</para>
2882
2883 <para role="historic">&man.sysinstall.8; now has rudimentary support for
2884 retrieving packages from the correct volume of a multiple-volume
2885 installation (such as a multi-CD distribution). &merged;</para>
2886
2887 <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to
2888 disable DNS queries for every request. &merged;</para>
2889
2890 <para role="historic">&man.syslogd.8; now supports a
2891 <literal>LOG_CONSOLE</literal> facility (disabled by default),
2892 which can be used to log <filename>/dev/console</filename>
2893 output. &merged;</para>
2894
2895 <para role="historic">&man.syslogd.8; now has the ability to bind to a specific
2896 address (as opposed to using every available one) via the
2897 <option>-b</option> option. &merged;</para>
2898
2899 <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to
2900 disable repeated line compression. &merged;</para>
2901
2902 <para>&man.tabs.1;, a utility to set terminal tab stops, has been
2903 added.</para>
2904
2905 <para role="historic">&man.tail.1; now has the ability to work on files longer
2906 than 2GB. &merged;</para>
2907
2908 <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname>
2909 variable, principally to enable the use of &man.ssh.1; as a
2910 transport. &merged;</para>
2911
2912 <para role="historic">&man.telnet.1; now does autologin and encryption by default;
2913 a new <option>-y</option> option turns off encryption. &merged;</para>
2914
2915 <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to
2916 allow connections to UNIX-domain (<literal>AF_UNIX</literal>)
2917 sockets. &merged;</para>
2918
2919 <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para>
2920
2921 <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and
2922 <option>-C</option> options, which allow the server to
2923 &man.chroot.2; based on the IP address of the connecting client.
2924 &man.tftp.1; and &man.tftpd.8; can now transfer files larger
2925 than 65535 blocks. &merged;</para>
2926
2927 <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval
2928 and Transfer Size Options); this feature is required by some
2929 firmware like EFI boot managers (at least on HP i2000 Itanium
2930 servers) in order to boot an image using
2931 <application>TFTP</application>.</para>
2932
2933 <para arch="alpha">&man.timed.8; now works on the alpha.</para>
2934
2935 <para>A version of Transport Independent RPC
2936 (<application>TI-RPC</application>) has been imported.</para>
2937
2938 <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar>
2939 environment variable, if set, to specify the location of
2940 temporary files. &merged;</para>
2941
2942 <para>&man.tip.1; has been updated from
2943 <application>OpenBSD</application>, and has the ability to act
2944 as a &man.cu.1; substitute.</para>
2945
2946 <para>&man.top.1; will now use the full width of its tty.</para>
2947
2948 <para>&man.touch.1; now takes a <option>-h</option> option to
2949 operate on a symbolic link, rather than what the link points
2950 to.</para>
2951
2952 <para role="historic">The &man.truncate.1; utility, which truncates or extends the
2953 length of files, has been added. &merged;</para>
2954
2955 <para role="historic">Ukrainian language support has been added to the &os;
2956 console. &merged;</para>
2957
2958 <para><application>UUCP</application> has been removed from the
2959 base system. It can be found in the Ports Collection, in
2960 <filename role="package">net/freebsd-uucp</filename>.</para>
2961
2962 <para>&man.unexpand.1; now supports a <option>-t</option> to
2963 specify tabstabs analogous to &man.expand.1;.</para>
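Review bot: "tabstabs" on line 2963 should be "tabstops", and line 2962 is missing the noun after the option markup ("a <option>-t</option> option to specify"). Both are wording fixes only; the markup itself is fine.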
2964
2965 <para role="historic">&man.units.1; has received some updates and
2966 bugfixes. &merged;</para>
2967
2968 <para>&man.usbdevs.8; now supports a <option>-d</option> flag to
2969 show the device driver associated with each device.</para>
2970
2971 <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate
2972 USB Human Interface Devices. &merged;</para>
2973
2974 <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to
2975 set their output files. &man.uuencode.1; can now be made to do base64 encoding
2976 when given the <option>-m</option> flag, while &man.uudecode.1;
2977 can now automatically decode base64 files. &merged;</para>
2978
2979 <para>The base64 capabilities of &man.uuencode.1; and
2980 &man.uudecode.1; can now be automatically enabled by invoking
2981 these utilities as &man.b64encode.1; and &man.b64decode.1;
2982 respectively.</para>
2983
2984 <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option>
2985 parameter to select custom text geometry in the
2986 <literal>VESA_800x600</literal> raster text mode. &merged;</para>
2987
2988 <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size
2989 specification when loading a font, and has some better
2990 error-handling. &merged;</para>
2991
2992 <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option
2993 to take a snapshot of a &man.syscons.4; video buffer. These
2994 snapshots can be manipulated by the
2995 <filename role="package">graphics/scr2png</filename> utility in
2996 the Ports Collection. &merged;</para>
2997
2998 <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option
2999 to clear the history buffer for a given tty, as well as a
3000 <option>-h</option> option to set the size of the history
3001 buffer. &merged;</para>
3002
3003 <para>The default stripe size in &man.vinum.8; has been changed
3004 from 256KB to 279KB, to spread out superblocks more evenly
3005 between stripes.</para>
3006
3007 <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to
3008 write a message to all users of a given group. &merged;</para>
3009
3010 <para role="historic">&man.watch.8; now takes a <option>-f</option> option to
3011 specify a &man.snp.4; device to use. &merged;</para>
3012
3013 <para>&man.which.1; is now a C program, rather than a Perl
3014 script.</para>
3015
3016 <para>&man.who.1; now has a number of new options:
3017 <option>-H</option> shows column headings; <option>-T</option>
3018 shows &man.mesg.1; state; <option>-m</option> is an equivalent
3019 to <option>am i</option>; <option>-u</option> shows idle time;
3020 <option>-q</option> to list names in columns.</para>
3021
3022 <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN.
3023 If a query to ARIN references APNIC or RIPE, the appropriate
3024 server will also be queried, provided that the
3025 <option>-Q</option> option is not specified. &merged;</para>
3026
3027 <para role="historic">&man.whois.1; supports a <option>-c</option> option to
3028 specify a country code to help direct queries towards a
3029 particular whois server. &merged;</para>
3030
3031 <para>&man.xargs.1; now supports a <option>-I</option>
3032 <replaceable>replstr</replaceable> option that allows the user
3033 to tell &man.xargs.1; to insert the data read from standard
3034 input at specific points in the command line arguments rather
3035 than at the end. (A &os;-specific <option>-J</option> option is
3036 similar, but is now deprecated in favor of the more portable
3037 <option>-I</option> option.)</para>
3038
3039 <para>&man.xargs.1; now supports a <option>-L</option> option to
3040 force its utility argument to be called after some number of
3041 lines.</para>
3042
3043 <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime
3044 initialization code. This change brings about better
3045 compatibility with code generated from the various egcs and gcc
3046 ports, as well as the stock public FSF source. &merged;</para>
3047
3048 <para role="historic">The threads library has gained some signal handling changes,
3049 bug fixes, and performance enhancements (including zero system
3050 call thread switching). &man.gdb.1; thread support has been
3051 updated to match these changes. &merged;</para>
3052
3053 <para role="historic">Significant additions have been made to internationalization
3054 support; &os; now has complete locale support for the
3055 <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>,
3056 and <literal>LC_MESSAGES</literal> categories. A number of
3057 applications have been updated to take advantage of this
3058 support. &merged;</para>
3059
3060 <para role="historic">Locale names have been changed to improve compatibility with
3061 the names used by X11R6, as well as a number of other UNIX
3062 versions. As an example, the
3063 <literal>en_US.ISO_8859-1</literal> locale name has been changed
3064 to
3065 <literal>en_US.ISO8859-1</literal>. Entries in
3066 <filename>/etc/locale.alias</filename> provide backward
3067 compatibility. &merged;</para>
3068
3069 <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now
3070 contains a scalable Beastie graphic. &merged;</para>
3071
3072 <para role="historic">As part of an ongoing process, many manual pages were
3073 improved, both in terms of their formatting markup and in their
3074 content. &merged;</para>
3075
3076 <para>A number of utilities and libraries were enhanced to improve
3077 their conformance with the Single UNIX Specification (SUSv3) and
3078 IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific
3079 features added have been listed in the release notes for each
3080 utility. The standards conformance of each utility or library
3081 function is generally listed in its manual page.</para>
3082
3083 <sect3>
3084 <title>Contributed Software</title>
3085
3086 <para><application>am-utils</application> has been updated to
3087 6.0.7.</para>
3088
3089 <para>A 10 February 2002 snapshot of <application>awk</application> from Bell Labs (variously
3090 known as <quote>BWK awk</quote> or <quote>The One True
3091 AWK</quote>) has been imported. It is available as
3092 <command>awk</command> or
3093 <command>nawk</command>.</para>
3094
3095 <para role="historic"><application>bc</application> has been updated from 1.04 to
3096 1.06. &merged;</para>
3097
3098 <para role="historic">The ISC library from the <application>BIND</application>
3099 distribution is now built as
3100 <filename>libisc</filename>. &merged;</para>
3101
3102 <para role="historic"><application>BIND</application> is now built with the
3103 <literal>NOADDITIONAL</literal> flag, which causes
3104 &man.named.8; to operate in a more consistent fashion for
3105 certain common misconfigurations. &merged;</para>
3106
3107 <para role="historic"><application>BIND</application> has been updated to
3108 8.3.2-T1B. &merged;</para>
3109
3110 <para><application>Binutils</application> has been updated to
3111 2.12.0.</para>
3112
3113 <para role="historic"><application>bzip2</application> 1.0.2 has been imported;
3114 this brings the &man.bzip2.1; program and the
3115 <filename>libbz2</filename> library to the base
3116 system. &merged;</para>
3117
3118 <para role="historic">The &man.ee.1; <application>Easy Editor</application> has
3119 been updated to 1.4.2. &merged;</para>
3120
3121 <para><application>file</application> has been updated to
3122 3.37.</para>
3123
3124 <para><application>gcc</application> has been updated to
3125 a snapshot of <application>gcc</application> 3.1.
3126 <warning>
3127 <para>The integration of <application>gcc</application> is
3128 very new. Some applications and programs in the base
3129 system require fixes or compiler flags to build
3130 correctly. Work to address these problems is ongoing.</para>
3131 </warning>
3132 </para>
3133
3134 <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename>
3135 rather than a separate one for threaded and non-threaded
3136 programs. <filename>/usr/lib/libgcc_r.a</filename> can be
3137 removed. &merged;</para>
3138
3139 <para role="historic">&man.gcc.1; now supports the environment variable
3140 <envar>GCC_OPTIONS</envar>, which can hold a set of default
3141 options for <application>GCC</application>. &merged;</para>
3142
3143 <para role="historic"><application>GNATS</application> has been updated to
3144 3.113. &merged;</para>
3145
3146 <para><application>GNU awk</application> has been updated to
3147 3.1.0. It is now available as <command>gawk</command>.</para>
3148
3149 <para><application>gperf</application> has been updated to
3150 2.7.2.</para>
3151
3152 <para role="historic"><application>groff</application> and its related utilities
3153 have been updated to FSF version 1.17.2. This import brings
3154 in a new &man.mdoc.7; macro package (sometimes referred to as
3155 <literal>mdocNG</literal>), which removes many of the
3156 limitations of its predecessor. &merged;</para>
3157
3158 <para role="historic"><application>Heimdal Kerberos</application> has been updated to
3159 0.4e. &merged;</para>
3160
3161 <para role="historic">The version of <application>IPFilter</application>
3162 provided with &os; now includes the &man.ipfs.8; program,
3163 which allows state information created for NAT entries and
3164 stateful rules to be saved to disk and restored after a
3165 reboot. Boot-time configuration of these features is
3166 supported by &man.rc.conf.5;. &merged;</para>
3167
3168 <para role="historic">The <application>ISC DHCP</application> client has been
3169 updated to 3.0.1RC8. &merged;</para>
3170
3171 <para role="historic"><application>Kerberos IV</application> has been updated to
3172 1.0.5. &merged;</para>
3173
3174 <para>The &man.more.1; command has been replaced by
3175 &man.less.1;, although it can still be run as
3176 <command>more</command>. &merged; Version 371 of
3177 <application>less</application> has been imported.</para>
3178
3179 <para role="historic"><application>libpcap</application> has been updated to
3180 0.6.2. &merged;</para>
3181
3182 <para><application>libreadline</application> has been updated to
3183 4.2.</para>
3184
3185 <para><application>libz</application> has been updated to
3186 1.1.4.</para>
3187
3188 <para><application>lint</application> has been updated to
3189 snapshot of NetBSD &man.lint.1; as of 3 March 2002.</para>
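Review bot: The lint entry on lines 3188-3189 reads "has been updated to snapshot of NetBSD", which is missing an article. Suggest "has been updated to a snapshot of NetBSD &man.lint.1; as of 3 March 2002", matching the phrasing used for the awk and gcc snapshot entries.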
3190
3191 <para><application>lukemftp</application> (the FTP client from
3192 NetBSD) has replaced the &os; &man.ftp.1; program. Among its
3193 new features are more automation methods, better standards
3194 compliance, transfer rate throttling, and a customizable
3195 command-line prompt. Some environment variables and
3196 command-line arguments have changed.</para>
3197
3198 <para>The FTP daemon from NetBSD, otherwise known as
3199 <application>lukemftpd</application>, has been imported and is
3200 available as &man.lukemftpd.8;.</para>
3201
3202 <para>&man.m4.1; has been imported from OpenBSD, as of 26 April
3203 2002.</para>
3204
3205 <para><application>ncurses</application> has been updated to
3206 5.2-20020518.</para>
3207
3208 <para role="historic">The <application>NTP</application> suite of programs has
3209 been updated to 4.1.0. &merged;</para>
3210
3211 <para><application>OpenPAM</application>
3212 (<quote>Cinnamon</quote> release) has been imported,
3213 replacing
3214 <application>Linux-PAM</application>.</para>
3215
3216 <para>The <application>OPIE</application> one-time-password
3217 suite has been updated to 2.4. It has completely
3218 replaced the functionality of
3219 <application>S/Key</application>.</para>
3220
3221 <para><application>Perl</application> has been removed from the
3222 &os; base system. It can still be installed from the &os;
3223 Ports Collection or as a binary package; moving it out of the
3224 base system will make future upgrades and maintenence easier.
3225 To reduce the dependence of the base system on
3226 Perl, many utilities have been
3227 rewritten as shell scripts or C programs (specific notes are
3228 made for each affected utility).
3229 <filename>/usr/bin/perl</filename> is now a
3230 <quote>wrapper</quote> program, so that programs expecting to
3231 find a Perl interpreter there will
3232 be able to function correctly.
3233
3234 <warning>
3235 <para>The Perl removal and
3236 package integration work is ongoing.</para>
3237 </warning>
3238
3239 </para>
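Review bot: Spelling on line 3224 of the Perl removal entry: "maintenence" should be "maintenance". Separately, <filename>/usr/bin/perl</filename> is described as a <quote>wrapper</quote> without saying what it executes or where it looks for the real interpreter; a short pointer to where that is documented would help readers who audit what a base-system path ends up running.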
3240
3241 <para><application>GNU ptx</application> has been removed from
3242 the base system. It is not used anywhere in the base system,
3243 and has not been recently updated or maintained. Users
3244 requiring its functionality can install this utility as a part
3245 of the <filename role="package">textproc/textutils</filename>
3246 port.</para>
3247
3248 <para role="historic">&man.routed.8; has been updated to version
3249 2.22. &merged;</para>
3250
3251 <para arch="i386,pc98">Version 1.4.4 of the
3252 <application>smbfs</application> userland utilities have been
3253 imported.</para>
3254
3255 <para><application>GNU sort</application> has been updated to
3256 the version from <application>GNU textutils
3257 2.0.21</application>.</para>
3258
3259 <para>&man.stat.1; from <application>NetBSD</application>, as of
3260 5 June 2002 has, been imported.</para>
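Review bot: The comma on line 3260 is misplaced: "as of 5 June 2002 has, been imported" should read "as of 5 June 2002, has been imported".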
3261
3262 <para><application>GNU tar</application> has been updated to
3263 1.13.25.</para>
3264
3265 <para role="historic"><application>tcpdump</application> has been updated to
3266 3.6.3. &merged;</para>
3267
3268 <para role="historic">The &man.csh.1; shell has been replaced by &man.tcsh.1;,
3269 although it can still be run as <command>csh</command>.
3270 <application>tcsh</application> has been updated to version
3271 6.11. &merged;</para>
3272
3273 <para>The contributed version of
3274 <application>tcp_wrappers</application> now includes the
3275 &man.tcpd.8; helper daemon. While not strictly necessary in a
3276 standard &os; installation (because &man.inetd.8; already
3277 incorporates this functionality), this may be useful for
3278 &man.inetd.8; replacements such as
3279 <application>xinetd</application>.</para>
3280
3281 <para role="historic"><application>texinfo</application> has been updated to
3282 4.1. &merged;</para>
3283
3284 <para><application>top</application> has been updated to version
3285 3.5b12.</para>
3286
3287 <para role="historic">&man.traceroute.8; now takes its default maximum TTL value
3288 from the <varname>net.inet.ip.ttl</varname> sysctl
3289 variable. &merged;</para>
3290
3291 <para role="historic">The timezone database has been updated to the
3292 <filename>tzdata2002c</filename> release. &merged;</para>
3293
3294 <sect4>
3295 <title>CVS</title>
3296
3297 <para role="historic"><application>cvs</application> has been updated to
3298 1.11.1p1. &merged;</para>
3299
3300 <para role="historic">The default value for &man.cvs.1;'s
3301 <envar>CVS_RSH</envar> variable is now
3302 <literal>ssh</literal>, rather than
3303 <literal>rsh</literal>. &merged;</para>
3304
3305 <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to
3306 update a sandbox's <filename>CVS/Template</filename> file
3307 from the repository. &merged;</para>
3308
3309 <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the
3310 <option>-j</option> option to perform differences against a
3311 revision relative to a branch tag. &merged;</para>
3312 </sect4>
3313
3314 <sect4>
3315 <title>CVSup</title>
3316
3317 <para role="historic"><application>CVSup</application>, a frequently used
3318 utility in the &os; Ports Collection, was formerly
3319 installable using several ports and packages. The
3320 <filename role="package">net/cvsup-bin</filename> and
3321 <filename role="package">net/cvsupd-bin</filename>
3322 ports/packages are no longer necessary or available; the
3323 <filename role="package">net/cvsup</filename> port should be
3324 used instead. &merged;</para>
3325
3326 <para role="historic"><application>CVSup</application> has been updated to
3327 16.1_3, which is available in the &os; Ports Collection as
3328 <filename role="package">net/cvsup</filename>. This update
3329 fixes a long-standing (but only recently encountered) bug
3330 which affects the timestamps on all files after Sun Sep 9
3331 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX
3332 epoch). &merged;</para>
3333 </sect4>
3334
3335 <sect4 id="kame-userland">
3336 <title>KAME</title>
3337
3338 <para role="historic">The IPv6 stack is now based on a snapshot based on the
3339 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
3340 the items listed in this section are a result of this
3341 import.
3342 <xref linkend="kame-kernel"> lists kernel updates to the
3343 KAME IPv6 stack. &merged;</para>
3344
3345 <para role="historic">&man.faithd.8; now supports a configuration file for
3346 access control. &merged;</para>
3347
3348 <para role="historic">&man.ifconfig.8; can now perform the functions of
3349 &man.gifconfig.8;. &merged;</para>
3350
3351 <para role="historic">&man.ifconfig.8; can now perform the functions of
3352 &man.prefix.8;. &man.prefix.8; is now a shell script for
3353 partial backwards compatibility. &merged;</para>
3354
3355 <para role="historic">&man.ndp.8; now implements garbage collection for stale
3356 NDP entries, as described in RFC 2461 (Neighbor Discovery
3357 for IP Version 6 (IPv6)). &merged;</para>
3358
3359 <para role="historic">pim6dd(8) and pim6sd(8) have been removed due
3360 to restrictive licensing conditions. These programs are
3361 available in the ports collection as
3362 <filename role="package">net/pim6dd</filename> and
3363 <filename role="package">net/pim6sd</filename>. &merged;</para>
3364
3365 <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag
3366 to avoid updating the kernel forwarding
3367 table. &merged;</para>
3368
3369 <para role="historic">The <option>-R</option> (router renumbering) option to
3370 &man.rtadvd.8; is currently ignored. &merged;</para>
3371 </sect4>
3372
3373 <sect4>
3374 <title>OpenSSH</title>
3375
3376 <para role="historic"><application>OpenSSH</application> has been updated to
3377 2.9, which provides support for the SSH2 protocol (now the
3378 default) and DSA keys. &man.ssh-add.1; and
3379 &man.ssh-agent.1; can now handle DSA keys, with support for
3380 authentication forwarding.
3381 <application>OpenSSH</application> users in the USA no
3382 longer need to rely on the restrictively-licensed RSAREF
3383 toolkit which is required to handle RSA keys. Among other
3384 new features: A client and server for &man.sftp.1; has been added.
3385 &man.scp.1; can now handle files larger than 2 GBytes. A
3386 limit on the number of outstanding, unauthenticated
3387 connections in &man.sshd.8; has been added. Support has
3388 been added for the Rijndael encryption algorithm. Rekeying
3389 of existing sessions is now supported, and an experimental
3390 <application>SOCKS4</application> proxy has been added to
3391 &man.ssh.1;. &merged;</para>
3392
3393 <para><application>OpenSSH</application> has been updated to
3394 version 3.1. Among the changes:
3395 <itemizedlist>
3396 <listitem>
3397 <para>The <filename>*2</filename> files are obsolete
3398 (for example,
3399 <filename>~/.ssh/known_hosts</filename> can hold the
3400 contents of
3401 <filename>~/.ssh/known_hosts2</filename>).</para>
3402 </listitem>
3403 <listitem>
3404 <para>&man.ssh-keygen.1; can import and export keys using
3405 the SECSH Public Key File Format, for key exchange
3406 with several commercial SSH implementations.</para>
3407 </listitem>
3408 <listitem>
3409 <para>&man.ssh-add.1; now adds all three default keys.</para>
3410 </listitem>
3411 <listitem>
3412 <para>&man.ssh-keygen.1; no longer defaults to a
3413 specific key type; one must be specified with the
3414 <option>-t</option> option.</para>
3415 </listitem>
3416 </itemizedlist>
3417 </para>
3418
3419 <para><application>OpenSSH</application> can now authenticate
3420 using <application>OPIE</application> passwords.</para>
3421
3422 <para><application>PAM</application> support for
3423 <application>OpenSSH</application> has been added.</para>
3424
3425 <para>A long-standing bug in
3426 <application>OpenSSH</application>, which sometimes resulted
3427 in a dropped session when an X11-forwarded client was
3428 closed, was fixed.</para>
3429
3430 <para role="historic"><application>Kerberos</application> compatibility has
3431 been added to
3432 <application>OpenSSH</application>. &merged;</para>
3433
3434 <para role="historic"><application>OpenSSH</application> has been modified to
3435 be more resistant to traffic analysis by requiring that
3436 <quote>non-echoed</quote> characters are still echoed back
3437 in a null packet, as well as by padding passwords sent so as
3438 not to hint at password lengths. &merged;</para>
3439
3440 <para role="historic">&man.sshd.8; is now enabled by default on new
3441 installs. &merged;</para>
3442
3443 <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now
3444 turned on by default on the server (any risk is to the
3445 client, where it is already disabled by
3446 default). &merged;</para>
3447
3448 <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the
3449 <literal>ConnectionsPerPeriod</literal> parameter has been
3450 deprecated in favor of
3451 <literal>MaxStartups</literal>. &merged;</para>
3452
3453 <para role="historic"><application>OpenSSH</application> now has a
3454 <literal>VersionAddendum</literal> configuration setting for
3455 &man.sshd.8; to allow changing the part of the
3456 <application>OpenSSH</application> version string after the
3457 main version number. &merged;</para>
3458 </sect4>
3459
3460 <sect4>
3461 <title>OpenSSL</title>
3462
3463 <para><application>OpenSSL</application> has been updated to
3464 0.9.6c.</para>
3465
3466 <para role="historic"><application>OpenSSL</application> now has support for
3467 machine-dependent ASM optimizations, activated by the new
3468 <varname>MACHINE_CPU</varname> and/or
3469 <varname>CPUTYPE</varname>
3470 <filename>make.conf</filename> variables. &merged;</para>
3471 </sect4>
3472
3473 <sect4>
3474 <title>sendmail</title>
3475
3476 <para><application>sendmail</application> has been updated
3477 from version 8.9.3 to version 8.12.4. Important changes
3478 include: &man.sendmail.8; is no longer installed as a
3479 set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new
3480 default file locations (see
3481 <filename>/usr/src/contrib/sendmail/cf/README</filename>);
3482 &man.newaliases.1; is limited to <username>root</username>
3483 and trusted users; STARTTLS encryption; and the MSA port
3484 (587) is turned on by default. See
3485 <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename>
3486 for more information. &merged;</para>
3487
3488 <para role="historic">&man.mail.local.8; is no longer installed as a
3489 set-user-ID binary. If you are using a
3490 <filename>/etc/mail/sendmail.cf</filename> from the default
3491 <filename>sendmail.cf</filename> included with &os; any time
3492 after 3.1.0, you are fine. If you are using a
3493 hand-configured <filename>sendmail.cf</filename> and
3494 <command>mail.local</command> for delivery, check to make sure the
3495 <literal>F=S</literal> flag is set on the
3496 <literal>Mlocal</literal> line. Those with
3497 <filename>.mc</filename> files who need to add the flag can
3498 do so by adding the following line to their
3499 <filename>.mc</filename> file and regenerating the
3500 <filename>sendmail.cf</filename> file:</para>
3501
3502 <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting>
3503
3504 <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already
3505 does this. &merged;</para>
3506
3507 <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename>
3508 disables the SMTP <literal>EXPN</literal> and
3509 <literal>VRFY</literal> commands. &merged;</para>
3510
3511 <para role="historic">&man.vacation.1; has been updated to use the version
3512 included with <application>sendmail</application>. &merged;</para>
3513
3514 <para role="historic">The <application>sendmail</application> configuration
3515 building tools are installed in
3516 <filename>/usr/share/sendmail/cf/</filename>. &merged;</para>
3517
3518 <para role="historic">New <filename>make.conf</filename> options:
3519 <varname>SENDMAIL_MC</varname> and
3520 <varname>SENDMAIL_ADDITIONAL_MC</varname>. See
3521 <filename>/usr/share/examples/etc/make.conf</filename> for more
3522 information. &merged;</para>
3523
3524 <para role="historic"><filename>/etc/mail/Makefile</filename> now supports:
3525 the new <varname>SENDMAIL_MC</varname>
3526 <filename>make.conf</filename> option; the ability to build
3527 <filename>.cf</filename> files from
3528 <filename>.mc</filename> files; generalized map rebuilding;
3529 rebuilding the aliases file; and the ability to stop, start,
3530 and restart
3531 <application>sendmail</application>. &merged;</para>
3532
3533 <para role="historic">The <username>smmsp</username> and
3534 <username>mailnull</username> users have been added to
3535 <filename>/etc/master.passwd</filename>. In the absence of a
3536 <literal>confDEF_USER_ID</literal> setting, by default,
3537 <application>sendmail</application> will use the
3538 <username>mailnull</username> user for extra security.
3539 Previously, if the <username>mailnull</username> user did
3540 not exist, the <username>daemon</username> user was used.
3541 This change may generate some permissions issues when
3542 mailing to files or to programs (such as <filename
3543 role="package">mail/majordomo</filename>). &merged; The
3544 previous behavior can be restored by adding the following
3545 line to a system's
3546 <filename><replaceable>*</replaceable>.mc</filename>
3547 configuration file:
3548
3549 <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting>
3550 </para>
3551
3552 <para role="historic">Beginning with the import of
3553 <application>sendmail</application> 8.12.2, multiple
3554 <application>sendmail</application> daemons (some required
3555 to handle outgoing mail) are started by &man.rc.8;, even if
3556 the <varname>sendmail_enable</varname> variable is set to
3557 <literal>NO</literal>. To completely disable
3558 <application>sendmail</application>,
3559 <varname>sendmail_enable</varname> must be set to
3560 <literal>NONE</literal>. Alternatively, for systems using a
3561 different MTA, the <varname>mta_start_script</varname> variable can
3562 be used to point to a different startup script (more details
3563 can be found in &man.rc.sendmail.8;). &merged;</para>
3564
3565 <para>By default, &man.rc.8; no longer enables
3566 <application>sendmail</application> for inbound SMTP
3567 connections. Note that &man.sysinstall.8; may override this
3568 default for a binary installation, based on what security
3569 profile is selected. This functionality can also be
3570 manually enabled by adding the following line to
3571 <filename>/etc/rc.conf</filename>:</para>
3572
3573 <programlisting>sendmail_enable="YES"</programlisting>
3574
3575 <para>The permissions for <application>sendmail</application>
3576 alias and map databases built via
3577 <filename>/etc/mail/Makefile</filename> now default to mode
3578 0640 to protect against a file locking local denial of service.
3579 It can be changed by setting the new
3580 <varname>SENDMAIL_MAP_PERMS</varname>
3581 <filename>make.conf</filename> option. &merged;</para>
3582
3583 <para>The permissions for the <application>sendmail</application>
3584 statistics file, <filename>/var/log/sendmail.st</filename>, have
3585 been changed from mode 0644 to mode 0640 to protect against
3586 a file locking local denial of service. &merged;</para>
3587
3588 </sect4>
3589 </sect3>
3590
3591 <sect3>
3592 <title>Ports/Packages Collection Infrastructure</title>
3593
3594 <para><application>BSDPAN</application>, a collection of modules
3595 that provides tighter integration of
3596 <application>Perl</application> into the &os; Ports
3597 Collection, has been added.</para>
3598
3599 <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with
3600 packages that have been compressed using
3601 &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
3602 environment variable to determine a mirror site for new
3603 packages. &merged;</para>
3604
3605 <para role="historic">&man.pkg.create.1; now records dependencies in dependency
3606 order rather than in the order specified on the command line.
3607 This improves the functioning of <command>pkg_add
3608 -r</command>. &merged;</para>
3609
3610 <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> to
3611 create a package file from a locally-installed
3612 package. &merged;</para>
3613
3614 <para role="historic">When requested to delete multiple packages,
3615 &man.pkg.delete.1; will now attempt to remove them in
3616 dependency order rather than the order specified on the
3617 command line. &merged;</para>
3618
3619 <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of
3620 package names. In addition, it supports a <option>-a</option>
3621 option for removing all packages and a <option>-i</option>
3622 option for &man.rm.1;-style interactive
3623 confirmation. &merged;</para>
3624
3625 <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option>
3626 option for recursive package removal. &merged;</para>
3627
3628 <para role="historic">&man.pkg.info.1; now supports globbing against names of
3629 installed packages. The <option>-G</option> option disables
3630 this behavior, and the <option>-x</option> option causes
3631 regular expression matching instead of shell
3632 globbing. &merged;</para>
3633
3634 <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag
3635 for verifying an installed package against its recorded
3636 checksums (to see if it's been modified post-installation).
3637 Naturally, this mechanism is only as secure as the contents of
3638 <filename>/var/db/pkg</filename> if it's to be used for auditing
3639 purposes. &merged;</para>
3640
3641 <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to
3642 digitally sign and verify the signatures on binary package
3643 files. &merged;</para>
3644
3645 <para>For some time, &os; 5.0-CURRENT (as well as some 4.X
3646 releases) included a pkg_update(1) utility to update installed
3647 packages, as well as their dependencies. This utility has
3648 been removed; a superset of its functionality can be found in
3649 the <filename role="package">sysutils/portupgrade</filename>
3650 port.</para>
3651
3652 <para role="historic">&man.pkg.version.1; now has a version number comparison
3653 routine that corresponds to the Porters Handbook. It also has
3654 a <option>-t</option> option for testing address comparisons.
3655 &merged;</para>
3656
3657 <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag
3658 to limit its operation to ports/packages matching a given
3659 string. &merged;</para>
3660
3661 <para role="historic">Version numbers of installed packages have a new
3662 (backward-compatible) syntax, which supports the
3663 <varname>PORTREVISION</varname> and
3664 <varname>PORTEPOCH</varname> variables in Ports Collection
3665 <filename>Makefile</filename>s. These changes help keep track
3666 of changes in the ports collection entries such as security
3667 patches or &os;-specific updates, which aren't reflected in
3668 the original, third-party software distributions.
3669 &man.pkg.version.1; can now compare these new-style version
3670 numbers. &merged;</para>
3671
3672 <para role="historic">To improve performance and disk utilization, the
3673 <quote>ports skeletons</quote> in the &os; Ports Collection
3674 have been restructured. Installed ports and packages should
3675 not be affected. &merged;</para>
3676
3677 <para role="historic">All packages and ports now contain an
3678 <quote>origin</quote> directive, which makes it easier for
3679 programs such as &man.pkg.version.1; to determine the
3680 directory from which a package was built. &merged;</para>
3681
3682 <para role="historic">The Ports Collection infrastructure now uses
3683 <application>XFree86</application> 4.2.0 as the default version
3684 of the X Window System for the purposes of satisfying
3685 dependencies. To return to using
3686 <application>XFree86</application> 3.3.6, add the following line
3687 to <filename>/etc/make.conf</filename>: &merged;</para>
3688
3689 <programlisting role="historic">XFREE86_VERSION=3</programlisting>
3690
3691 <para>The libraries installed by the <filename
3692 role="package">emulators/linux_base</filename> port (required
3693 for Linux emulation) have been updated; they now correspond to
3694 those included with <application>Red Hat Linux</application>
3695 7.1.</para>
3696 </sect3>
3697 </sect2>
3698
3699 <sect2>
3700 <title>Release Engineering and Integration</title>
3701
3702 <para>The <filename>bin</filename> distribution has been renamed
3703 <filename>base</filename>, in order to make creation of combined
3704 install/recovery disks easier.</para>
3705
3706 <para arch="i386">ISO images and CDROMs now use the
3707 <filename>cdboot</filename> boot loader by default. This
3708 eliminates the need for an emulated floppy disk image on
3709 a bootable CDROM and allows for a full
3710 <filename>GENERIC</filename> kernel to be used for CDROM
3711 installations, at the expense of compatability with some old
3712 BIOSs.</para>
3713
3714 <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0
3715 is now the default version of the X Window System supported by
3716 &man.sysinstall.8;. It installs
3717 <application>XFree86</application> as a set of standard binary
3718 packages, so the usual package utilities such as
3719 &man.pkg.info.1; can be used to examine/manipulate its
3720 components. &merged;</para>
3721
3722 <para>It is now possible to make releases of &os;
3723 &release.current; on a &os; 4-STABLE host. Cross-architecture
3724 (building a release for a target architecture on a host of a
3725 different architecture) releases are also possible. See
3726 &man.release.7; for details.</para>
3727
3728 </sect2>
3729</sect1>
3730
3731<sect1>
3732 <title>Upgrading from previous releases of &os;</title>
3733
3734 <para>If you're upgrading from a previous release of &os;, you
3735 generally will have three options:
3736
3737 <itemizedlist>
3738 <listitem>
3739 <para>Using the binary upgrade option of &man.sysinstall.8;.
3740 This option is perhaps the quickest, although it presumes
3741 that your installation of &os; uses no special compilation
3742 options.</para>
3743 </listitem>
3744 <listitem>
3745 <para>Performing a complete reinstall of &os;. Technically,
3746 this is not an upgrading method, and in any case is usually less
3747 convenient than a binary upgrade, in that it requires you to
3748 manually backup and restore the contents of
3749 <filename>/etc</filename>. However, it may be useful in
3750 cases where you want (or need) to change the partitioning of
3751 your disks.
3752 </listitem>
3753 <listitem>
3754 <para>From source code in <filename>/usr/src</filename>. This
3755 route is more flexible, but requires more disk space, time,
3756 and more technical expertise. Upgrading from very old
3757 versions of &os; may be problematic; in cases like this, it
3758 is usually more effective to perform a binary upgrade or a
3759 complete reinstall.</para>
3760 </listitem>
3761 </itemizedlist>
3762 </para>
3763
3764 <para>Please read the <filename>INSTALL.TXT</filename> file for more
3765 information, preferably <emphasis>before</emphasis> beginning an
3766 upgrade. If you are upgrading from source, please be sure to read
3767 <filename>/usr/src/UPDATING</filename> as well.</para>
3768
3769 <para>Finally, if you want to use one of various means to track the
3770 -STABLE or -CURRENT branches of &os;, please be sure to consult
3771 the <ulink
3772 url="http://www.FreeBSD.org/handbook/current-stable.html"><quote>-CURRENT
3773 vs. -STABLE</quote></ulink> section of the <ulink
3774 url="http://www.FreeBSD.org/handbook/">FreeBSD
3775 Handbook</ulink>.</para>
3776
3777 <important>
3778 <para>Upgrading &os; should, of course, only be attempted after
3779 backing up <emphasis>all</emphasis> data and configuration
3780 files.</para>
3781 </important>
3782</sect1>
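Review bot: the second listitem in the upgrade-options list (lines 3745-3752) opens a <para> that is never closed; the text ends at "your disks." on line 3751 and the next line is </listitem>, whereas the first and third items both end with </para>. Add the missing </para> after "your disks." so the three items are consistent and the list stays well-formed if the file is ever processed as XML. While in this region, "compatability" on line 3711 should be "compatibility", and "is now based on a snapshot based on the KAME Project's IPv6 snapshot" on lines 3338-3339 repeats itself and could be shortened to "is now based on the KAME Project's IPv6 snapshot as of 28 May, 2001".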
89
90 <para>Many additional changes were made to &os; that are not listed
91 here for lack of space. For example, documentation was corrected
92 and improved, minor bugs were fixed, insecure coding practices
93 were audited and corrected, and source code was cleaned up.</para>
94
95 <sect2 id="kernel">
96 <title>Kernel Changes</title>
97
98 <para arch="i386" role="historic">The &man.amdpm.4; driver has been added to
99 provide access to the system monitoring functions of the AMD 756
100 chipset. &merged;</para>
101
102 <para role="historic">The &man.agp.4; driver for AGP devices has been
103 added. &merged;</para>
104
105 <para>A new &man.ddb.4; command <command>show pcpu</command> lists
106 some of the per-CPU data.</para>
107
108 <para role="historic">Two new &man.ddb.4; commands, <command>hwatch</command> and
109 <command>dhwatch</command>, have been introduced. Analogous to
110 <command>watch</command> and <command>dwatch</command>, they
111 install hardware watchpoints (as opposed to software
112 watchpoints) if supported by the architecture. &merged;</para>
113
114 <para>&man.devfs.5;, which allows entries in the
115 <filename>/dev</filename> directory to be built automatically
116 and supports more flexible attachment of devices, has been
117 largely reworked. &man.devfs.5; is now enabled by default and
118 can be disabled by the <literal>NODEVFS</literal> kernel
119 option.</para>
120
121 <para>The dgm driver has been removed in favor of the digi driver.</para>
122
123 <para>A new digi driver has been added to support PCI Xr-based and
124 ISA Xem Digiboard cards. A new &man.digictl.8; program is
125 (mainly) used to re-initialize cards that have external port
126 modules attached such as the PC/Xem.</para>
127
128 <para>An &man.eaccess.2; system call has been added, similar to
129 &man.access.2; except that the former uses effective credentials
130 rather than real credentials.</para>
131
132 <para arch="sparc64">Support has been added for EBus-based
133 devices.</para>
134
135 <para arch="i386" role="historic">The &man.ichsmb.4; driver for the Intel 82801AA
136 (ICH) SMBus controller and compatibles has been
137 added. &merged;</para>
138
139 <para>Each &man.jail.2; environment can now run under its own
140 securelevel.</para>
141
142 <para>The tunable sysctl variables for &man.jail.2; have moved
143 from <varname>jail.*</varname> to the
144 <varname>security.*</varname> hierarchy. Other security-related
145 sysctl variables have moved from <varname>kern.security.*</varname> to
146 <varname>security.*</varname>.</para>
147
148 <para role="historic">The <varname>kern.maxvnodes</varname> limit now properly
149 limits the number of vnodes in use. Previously only vnodes with
150 no cached pages could be freed; this could allow the number of
151 vnodes to grow without limit on large-memory machines accessing
152 many small files. A <literal>vnlru</literal> kernel thread
153 helps to flush and reuse vnodes. &merged;</para>
154
155 <para role="historic">The kernel message buffer is now accessible by the
156 (machine-independent) <varname>kern.msgbuf</varname> sysctl
157 variable; &man.dmesg.8; no longer needs to be SGID
158 <groupname>kmem</groupname>. &merged;</para>
159
160 <para>The kernel environment is now dynamic, and can be changed
161 via the new &man.kenv.2; system call.</para>
162
163 <para role="historic">The &man.kqueue.2; event notification facility was added to
164 the &os; kernel. This is a new interface which is able to
165 replace &man.poll.2;/&man.select.2;, offering improved
166 performance, as well as the ability to report many different
167 types of events. Support for monitoring changes in sockets,
168 pipes, fifos, and files are present, as well as for signals and
169 processes. &merged;</para>
170
171 <para arch="i386,pc98" role="historic">A new <varname>KVA_SPACE</varname> kernel option
172 can be used to reconfigure the size of the kernel virtual
173 address space. &merged;</para>
174
175 <para>The labpc(4) driver has been removed due to
176 <quote>bitrot</quote>.</para>
177
178 <para>The loader and kernel linker now look for files named
179 <filename>linker.hints</filename> in each directory with KLDs
180 for a module name and version to KLD filename mapping. The new
181 &man.kldxref.8; utility is used to generate these files.</para>
182
183 <para role="historic">Linux emulation now supports the kernel functionality
184 required by the
185 <filename role="package">emulators/linux_base</filename>
186 (RedHat 7.X emulation) port. &merged;</para>
187
188 <para role="historic">Linux emulation now requires <literal>options
189 SYSVSEM</literal> in the kernel configuration. &merged;</para>
190
191 <para>&man.lomac.4;, a Low-Watermark Mandatory Access Control
192 security facility, has been added as a kernel module. It
193 provides a drop-in security mechanism in addition to the
194 traditional UID-based security facilities, requiring no
195 additional configuration from the administrator. Work on this
196 feature was sponsored by DARPA and NAI Labs.</para>
197
198 <para role="historic">The <varname>maxusers</varname> kernel configuration
199 parameter is now a boot-time tunable variable. The kernel
200 parameters derived from <varname>maxusers</varname> are now also
201 tunables and can be overridden at boot-time. The
202 <varname>hz</varname> parameter is also now a
203 tunable. &merged;</para>
204
205 <para role="historic">Specifying a value of <literal>0</literal> for the
206 <varname>maxusers</varname> kernel configuration parameter will
207 now cause an appropriate value to be calculated at boot-time
208 (between 32 and 384, depending on the amount of memory present).
209 This value is now the default for all
210 <filename>GENERIC</filename> kernels. &merged;</para>
211
212 <para arch="alpha" role="historic">A <varname>MAXMEM</varname> kernel option,
213 along with the <varname>hw.physmem</varname> loader tunable, can
214 be used to artificially reduce the memory size of a machine for
215 testing (or other purposes). &merged;</para>
216
217 <para role="historic">The kernel configuration parameters
218 <varname>MAXTSIZ</varname>, <varname>DFLDSIZ</varname>,
219 <varname>MAXDSIZ</varname>, <varname>DFLSSIZ</varname>,
220 <varname>MAXSSIZ</varname>, and <varname>SGROWSIZ</varname> are
221 all loader tunables (<varname>kern.maxtsiz</varname>,
222 <varname>kern.maxdfldsiz</varname>, etc.). &merged;</para>
223
224 <para>&man.mutex.9; profiling code has been added, enabled by the
225 <literal>MUTEX_PROFILING</literal> kernel configuration option.
226 It enables the <varname>debug.mutex.prof.*</varname> hierarchy
227 of sysctl variables.</para>
228
229 <para arch="i386,pc98" role="historic">The <literal>NCPU</literal>,
230 <literal>NAPIC</literal>, <literal>NBUS</literal>, and
231 <literal>NINTR</literal> kernel configuration options,
232 for configuring SMP kernels, have been removed.
233 <literal>NCPU</literal> is now set to a maximum of 16,
234 and the other, aforementioned options are now
235 dynamic. &merged;</para>
236
237 <para role="historic">A &man.nmdm.4; null-modem terminal driver has been added.
238 &merged;</para>
239
240 <para role="historic">The <literal>O_DIRECT</literal> flag has been added to
241 &man.open.2; and &man.fcntl.2;. Specifying this flag for open
242 files will attempt to minimize the cache effects of reading and
243 writing. &merged;</para>
244
245 <para role="historic">An &man.orm.4; device has been added to claim the option
246 ROMs in the ISA memory I/O space, to prevent other drivers from
247 mistakenly assigning addresses that conflict with these
248 ROMs. &merged;</para>
249
250 <para arch="i386,pc98">PECOFF (Win32 Execution file format) support has
251 been added.</para>
252
253 <para arch="pc98" role="historic">The pmc driver, which supports the power
254 management controller of the NEC PC-98NOTE, has been
255 added. &merged;</para>
256
257 <para role="historic">POSIX.1b Shared Memory Objects are now supported. The
258 implementation uses regular files, but automatically enables the
259 MAP_NOSYNC flag when they are &man.mmap.2;-ed. &merged;</para>
260
261 <para role="historic">Replaced the <literal>PQ_*CACHE</literal> options with a
262 single <literal>PQ_CACHESIZE</literal> option to be set to the
263 cache size in kilobytes. The old options are still supported
264 for backwards compatibility. &merged;</para>
265
266 <para arch="i386" role="historic">The &man.puc.4; (PCI <quote>Universal</quote>
267 Communications) driver has been added, to help connect PCI-based
268 serial ports to the &man.sio.4; driver. &merged;</para>
269
270 <para>The &man.random.4; device has been rewritten to use the
271 <application>Yarrow</application> algorithm. It harvests
272 entropy from a variety of interrupt sources, including the
273 console devices, Ethernet and point-to-point network interfaces,
274 and mass-storage devices. Entropy from the &man.random.4;
275 device is now periodically saved to files in
276 <filename>/var/db/entropy</filename>, as well as at shutdown
277 time. The semantics of <filename>/dev/random</filename> have
278 changed; it never blocks waiting for entropy bits but generates
279 a stream of pseudo-random data and now behaves exactly as
280 <filename>/dev/urandom</filename>.</para>
281
282 <para>A new kernel option, <literal>options REGRESSION</literal>,
283 enables interfaces and functionality intended for use during
284 correctness and regression testing.</para>
285
286 <para arch="sparc64">Support has been added for SBus-based
287 devices.</para>
288
289 <para arch="sparc64">The se driver, which supports the Siemens
290 SAB82532 serial chip found on many newer Sparc Ultra machines,
291 has been added.</para>
292
293 <para role="historic">The &man.snp.4; device is no longer static and can now be
294 compiled as a module. &merged;</para>
295
296 <para arch="i386" role="historic">The &man.spic.4; driver, which provides access
297 to the Jog Dial device on some Sony laptops, has been
298 added. &man.moused.8; support for this device has also been
299 added. &merged;</para>
300
301 <para>The &man.syscons.4; driver now supports keyboard-controlled
302 pasting, by default bound to
303 <keycap>Shift</keycap>-<keycap>Insert</keycap>.</para>
304
305 <para role="historic">Support for USB devices was added to the
306 <filename>GENERIC</filename> kernel and to the installation
307 programs to support USB devices out of the box. Note that SRM
308 does not support USB devices at the moment, so you must still
309 use an AT keyboard if you are not using a serial
310 console. &merged;</para>
311
312 <para arch="i386,pc98" role="historic">The &man.umodem.4; driver for USB modems
313 has been added. Support is provided for the 3Com 5605 and
314 Metricom Ricochet GS wireless USB modems. &merged;</para>
315
316 <para arch="i386,pc98" role="historic">The &man.uscanner.4; driver for basic USB
317 scanner support using SANE has been added. See <ulink
318 url="http://www.mostang.com/sane/">the SANE home page</ulink>
319 for supported scanners. The HP ScanJet 4100C, 5200C and 6300C
320 are known to be working. &merged;</para>
321
322 <para>The &man.ucom.4; device driver has been added, to support USB
323 modems, serial devices, and other programs that need to look
324 like a tty. The related &man.uplcom.4; and &man.uvscom.4; drivers provide specific
325 support for the Prolific PL-2303 serial adapter and the SUNTAC
326 Slipper U VS-10U, respectively.</para>
327
328 <para>To increase security, the <literal>UCONSOLE</literal> kernel
329 configuration option has been removed.</para>
330
331 <para arch="i386,pc98">The UserConfig boot-time kernel configuration
332 feature, usually used to enable, disable, or configure ISA
333 devices, has been removed. Its functionality has been replaced
334 by the kernel hints file in
335 <filename>/boot/device.hints</filename>.</para>
336
337 <para>The <literal>USER_LDT</literal> kernel option is now
338 activated by default.</para>
339
340 <para>A VESA S3 linear framebuffer driver has been added.</para>
341
342 <para arch="i386" role="historic">The &man.viapm.4; driver for VIA SMBus
343 power management controllers has been added. &merged;</para>
344
345 <!-- Above this line, sort kernel changes by manpage/keyword-->
346
347 <para role="historic">Write combining for crashdumps has been implemented. This
348 feature is useful when write caching is disabled on both SCSI
349 and IDE disks, where large memory dumps could take up to an hour
350 to complete. &merged;</para>
351
352 <para>The kernel crashdump infrastructure has been revised, to
353 support new platforms and in general clean up the logic in the
354 code. One implication of this change is that the on-disk format
355 for kernel dumps has changed, and is now
356 byte-order-agnostic.</para>
357
358 <para>Extremely large swap areas (&gt;67 GB) no longer panic the
359 system.</para>
360
361 <para arch="alpha">Support for threads under Linux emulation has
362 been added.</para>
363
364 <para role="historic">The <maketarget>buildkernel</maketarget> target now gets the
365 name of the configuration(s) to build from the
366 <varname>KERNCONF</varname> variable, not
367 <varname>KERNEL</varname>. It is no longer required, in some
368 cases, for a <maketarget>buildworld</maketarget> to precede a
369 <maketarget>buildkernel</maketarget>. (The
370 <maketarget>buildworld</maketarget> is still required when
371 upgrading across major releases, across
372 <application>binutil</application> updates and when
373 &man.config.8; changes version.) &merged;</para>
374
375 <para role="historic">The out-of-swap process termination code now begins killing
376 processes earlier to avoid deadlocks; it now also takes into
377 account the swap space used by processes when computing the
378 process sizes. &merged;</para>
379
380 <para>Linker sets are now self-contained; gensetdefs(8) is
381 unnecessary and has been removed.</para>
382
383 <para role="historic">Network device cloning has been implemented, and the
384 &man.gif.4; device has been modified to take advantage of it.
385 Thus, instead of specifying how many &man.gif.4; interfaces are
386 available in kernel configuration files, &man.ifconfig.8;'s
387 <option>create</option> option should be used when another device
388 instance is desired. &merged;</para>
389
390 <para>It is now possible to hardwire kernel environment variables
391 (such as tuneables) at compile-time using &man.config.8;'s
392 <literal>ENV</literal> directive.</para>
393
394 <para>Idle zeroing of pages can be enabled with the
395 <varname>vm.idlezero_enable</varname> sysctl variable.</para>
396
397 <para arch="i386,pc98" role="historic">The load addresses of kernels are now exported
398 to the symbol table and various hard-coded constants have been
399 removed so that utilities such as &man.ps.1; can work with
400 kernels compiled at different addresses. &merged;</para>
401
402 <para role="historic">Coredumps of large processes (or of a large number of
403 processes) no longer lock up the machine for long periods of
404 time. &merged;</para>
405
406 <para>The Kernel-Scheduled Entity project has made changes to the
407 kernel scheduler to more efficiently handle multi-threaded
408 programs.</para>
409
410 <para>The kernel now has support for multiple low-level console
411 devices. The new &man.conscontrol.8; utility helps to manage
412 the different consoles.</para>
413
414 <para arch="alpha">The console driver has gained support for
415 TGA-based display adapters.</para>
416
417 <para role="historic">The kernel on the installation CDs is now separated from the
418 <filename>mfsroot</filename> image. This permits the use of a
419 full kernel when installing from CD on machines that support CD
420 booting (instead of the stripped-down kernel used on
421 floppies). &merged;</para>
422
423 <para role="historic">The system load average computation now adds some jitter to
424 the timing of samples, in order to avoid synchronization with
425 processes that run periodically. &merged;</para>
426
427 <para role="historic">If a debugging kernel with modules is being built
428 (i.e. using <literal>makeoptions DEBUG=-g</literal>), the
429 modules will now be built with debugging support as well, for
430 completeness. A side effect of this change is that modules
431 built and installed with debugging kernels will now occupy more
432 space on disk than they did previously. &merged;</para>
433
434 <para role="historic">The kernel dump device can now be set via the
435 <varname>dumpdev</varname> loader tunable. As a result, it is
436 now possible to obtain crash dumps from panics during the late
437 stages of kernel initialization (before the system enters into
438 single-user mode). &merged;</para>
439
440 <para>The kernel memory allocator is now a slab memory allocator,
441 similar to that used in Solaris. This is a SMP-safe memory
442 allocator that has near-linear performance as the number of CPUs
443 increases. It also allows for reduced memory
444 fragmentation.</para>
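Review bot: The UCONSOLE entry (lines 328-329) says the option was removed "to increase security" but does not say what the option permitted or what to do with a kernel configuration file that still lists it. A release note that drops a configuration option for security reasons should state both in one sentence. Smaller points in the same region: "tuneables" in the ENV entry (line 391) is spelled "tunable" in the dumpdev entry (line 435), and "binutil" in the buildkernel entry (line 372) looks like it should read "binutils".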
445
446 <sect3>
447 <title>Processor/Motherboard Support</title>
448
449 <para>SMP support has been largely reworked, incorporating code
450 from BSD/OS 5.0. One of the main features of SMPng
451 (<quote>SMP Next Generation</quote>) is to allow more
452 processes to run in kernel, without the need for spin locks
453 that can dramatically reduce the efficiency of multiple
454 processors. Interrupt handlers now have contexts associated
455 with them that allow them to be blocked, which reduces the
456 need to lock out interrupts.</para>
457
458 <para arch="i386,pc98">Support for the 80386 processor has been
459 removed from the <filename>GENERIC</filename> kernel, as this
460 code seriously pessimizes performance on other IA32
461 processors.
462 The <literal>I386_CPU</literal> kernel option
463 to support the 80386 processor is now mutually exclusive with
464 support for other IA32 processors; this should slightly
465 improve performance on the 80386 due to the elimination of
466 runtime processor type checks.
467 Custom kernels that will run on the 80386 can
468 still be built by changing the cpu options in the kernel
469 configuration file to only include
470 <literal>I386_CPU</literal>.</para>
471
472 <para arch="alpha" role="historic">AlphaServer 1200 (<quote>Tincup</quote>) has
473 been tested and works OK. Currently it does not want to boot
474 from CD or floppy but a transplanted disk that was installed
475 on another Alpha works well. &merged;</para>
476
477 <para arch="alpha">The API UP1100 mainboard has been verified to
478 work.</para>
479
480 <para arch="alpha">The API CS20 1U high server has been verified
481 to work.</para>
482
483 <para arch="alpha">The DEC3000 series support has been removed
484 from the mfsroot floppy image so that it fits on a 1.44 Mbyte
485 floppy again. As the DEC3000 is currently only usable diskless
486 this should not cause any problems.</para>
487
488 <para arch="alpha">Support for AlphaServer 2100A
489 (<quote>Lynx</quote>) has been added.</para>
490
491 <para arch="alpha">Kernel code has been added that allows older
492 generation Alpha CPUs (EV4 and EV5) to emulate instructions of
493 the newer Alpha CPU generations. This enables the use of
494 binary-only programs like <application>Adobe Acrobat
495 4</application> on EV4 and EV5.</para>
496
497 <para arch="alpha">SMP support for the Alpha is now operational.</para>
498
499 <para arch="i386" role="historic">Detection for new processors, such as the
500 FC-PGA2 Pentium III (Tualatin), Transmeta Crusoe, and
501 Transmeta Crusoe LongRun, has been added. &merged;</para>
502
503 <para arch="alpha">Support for the following hardware has been
504 removed from the installation kernel to make it fit on a
505 1.44MB floppy again: Multia, NoName, PC64, EB64, Aspen Alpine,
506 sa (SCSI tape), amr, parallel port support, vx (3c590, 3c595),
507 pcn (AMD Am79C97x PCI 10/100), sf (Adaptec AIC-6915), sis (SiS
508 900/SiS 7016), ste (Sundance ST201 (D-Link DFE-550TX)), wb
509 (Winbond W89C840F).</para>
510
511 <para arch="i386" role="historic">Support for Streaming <acronym>SIMD</acronym>
512 Extensions (<acronym>SSE</acronym>) has been introduced. The
513 <literal>CPU_ENABLE_SSE</literal> kernel option controls
514 whether support is compiled into the kernel. &merged;</para>
515
516 <para arch="i386" role="historic">The <literal>CPU_ATHLON_SSE_HACK</literal>
517 kernel option has been added, which attempts to enable the SSE
518 feature bit on newer Athlon CPUs if the BIOS has forgotten to
519 enable it. &merged;</para>
520
521 <para arch="sparc64">The UltraSPARC platform is now supported by
522 &os;. The following machines are supported to at least some
523 degree: Ultra 1/2/5/10/30/60, Enterprise 220R/420R, Netra T1 AC200/DC200, Netra T 105, and Blade
524 100. SMP is supported, and has been tested on the
525 Ultra 2, Ultra 60, Enterprise 220R, and
526 Enterprise 420R.</para>
527
528 <para arch="i386" role="historic">On some systems, the BIOS does not activate
529 the I/O ports and memory of PC devices, thus making them
530 unusable. The <literal>PCI_ENABLE_IO_MODES</literal> kernel
531 option forces &os; to enable these devices so that they can be
532 used. &merged;</para>
533
534 </sect3>
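Review bot: In the PCI_ENABLE_IO_MODES entry (lines 528-532) the text says the BIOS does not activate the I/O ports and memory of "PC devices", while the option name refers to PCI; this looks like a dropped letter and should probably read "PCI devices". Also in this section, the two Alpha floppy entries write the same size two ways ("1.44 Mbyte" at line 484, "1.44MB" at line 505); pick one form.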
535
536 <sect3>
537 <title>Bootloader Changes</title>
538
539 <para arch="i386" role="historic"><filename>boot2</filename> now supports a
540 <option>-n</option> option to disallow boot interruption by
541 keypresses. &merged;</para>
542
543 <para arch="i386" role="historic">A new <filename>cdboot</filename> bootstrap
544 utility for CDROMs provides better compatability with some
545 BIOS implementations that do not completely implement the El
546 Torito bootable CDROM standard. This boot loader supports
547 <quote>no emulation</quote> mode booting, thus eliminating the
548 need for an emulated floppy disk image on a bootable
549 CDROM. &merged;</para>
550
551 <para arch="i386,pc98" role="historic">The i386 boot loader now has support for a
552 <literal>nullconsole</literal> console type, for use on
553 systems with neither a video console nor a serial
554 port. &merged;</para>
555
556 <para arch="i386,pc98" role="historic">The &man.loader.8; now has optional support
557 (enabled at compile-time, off by default) for loading
558 <application>bzip2</application>-compressed kernels and
559 modules. &merged;</para>
560
561 <para arch="i386" role="historic">Support for Intel's Wired for Management 2.0
562 (PXE) was added to the &os; boot loader. Due to API
563 differences, the older PXE versions are not supported. This
564 allow network booting using DHCP. &merged;</para>
565
566 <!-- Above this line, order bootloader changes by keyword-->
567
568 <para arch="i386" role="historic">The &os; boot loader now contains a workaround
569 to support CDROM booting on certain IBM BIOSs that expect the
570 first sector of the emulated floppy to contain a valid MS-DOS
571 BPB that they can modify. &merged;</para>
572
573 <para arch="i386,pc98" role="historic">The &os; boot loader now supports a
574 <option>-p</option> flag to force the kernel to pause after
575 each line of output during the probing phase. &merged;</para>
576
577 <para arch="alpha,i386" role="historic">The &os; boot loader is now capable of
578 booting from filesystems with block sizes larger than
579 8K. &merged;</para>
580
581 <para>The kernel and modules have been moved to the directory
582 <filename>/boot/kernel</filename>, so they can be easily
583 manipulated together. The boot loader has been updated to
584 make this change as seamless as possible.</para>
585 </sect3>
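Review bot: Two wording errors in this section: "compatability" in the cdboot entry (line 544) should be "compatibility", and "This allow network booting using DHCP" in the PXE entry (lines 563-564) should be "This allows". The PXE entry also says "the older PXE versions are not supported" without naming a version boundary; since the first sentence names Wired for Management 2.0, say explicitly that versions before it are the unsupported ones, if that is what is meant.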
586
587 <sect3>
588 <title>Network Interface Support</title>
589
590 <para role="historic">The &man.an.4; driver for Cisco Aironet cards now supports
591 Wired Equivalent Privacy (WEP) encryption, settable via
592 &man.ancontrol.8;. &merged;</para>
593
594 <para role="historic">The &man.an.4; driver now supports the Cisco Aironet 350
595 series of adaptors. &merged;</para>
596
597 <para role="historic">The &man.an.4; driver now supports <quote>monitor</quote>
598 mode, settable via the <option>-M</option> option to
599 &man.ancontrol.8;. &merged;</para>
600
601 <para role="historic">The &man.an.4; driver now supports Cisco LEAP, as well as
602 the <quote>Home</quote> WEP key. The Linux Aironet utilities
603 are now supported under emulation. &merged;</para>
604
605 <para arch="i386,pc98" role="historic">Generic support for ARCNET token-based
606 networks has been added. &merged;</para>
607
608 <para arch="i386,pc98" role="historic">The &man.bge.4; driver has been added to
609 support the Broadcom BCM570x family of Gigabit Ethernet
610 controllers, including the 3Com 3c996-T, the SysKonnect
611 SK-9D21 and SK-9D41, and the built-in Gigabit Ethernet NICs on
612 Dell PowerEdge 2550 servers. Output TCP/IP checksum offload,
613 jumbo frames and VLAN tag insertion/stripping are supported,
614 as well as interrupt moderation. &merged;</para>
615
616 <para arch="i386" role="historic">The cm driver has been added to support SMC
617 COM90cx6 ARCNET network adapters. &merged;</para>
618
619 <para>The &man.dc.4; driver now supports NICs based on the Xircom
620 3201 and Conexant LANfinity RS7112 chips.</para>
621
622 <para role="historic">The &man.dc.4; driver now has support for
623 VLANs. &merged;</para>
624
625 <para role="historic">The &man.de.4; driver now performs round-robin arbitration
626 between the transmit and receive units of the 21143, instead
627 of giving priority to the receive unit. This gives a
628 10&ndash;15% performance improvement in the forwarding rate
629 under heavy load. &merged;</para>
630
631 <para arch="alpha">The &man.ed.4; driver is now supported.</para>
632
633 <para arch="i386,pc98" role="historic">Linksys Fast Ethernet PCCARD cards supported
634 by the &man.ed.4; driver now require the addition of flag
635 <literal>0x80000</literal> to their config line in
636 &man.pccard.conf.5;. This flag is not optional. These
637 Linksys cards will not be recognized without
638 it. &merged;</para>
639
640 <para role="historic">A bug in the &man.ed.4; driver that could cause panics
641 with very short packets and BPF or bridging active has been
642 fixed. &merged;</para>
643
644 <para role="historic">The &man.ed.4; driver now has support for D-Link DL10022
645 chips, necessary for the NetGear FA-410TX and other cards. As
646 a result, <literal>device miibus</literal> is required in
647 kernel configurations using the &man.ed.4;
648 driver. &merged;</para>
649
650 <para arch="i386">The &man.el.4; driver can now be loaded as a
651 module.</para>
652
653 <para arch="i386,pc98" role="historic">The &man.em.4; driver has been added to
654 support NICs based on the Intel 82542, 82543, and 82544
655 Gigabit Ethernet controller chips. The driver supports
656 transmit/receive checksum offload and jumbo frames on 82543
657 and 82544-based adapters. &merged;</para>
658
659 <para role="historic">The &man.faith.4; device is now loadable, unloadable, and
660 clonable. &merged;</para>
661
662 <para arch="i386,pc98" role="historic">Support for Fujitsu MB86960A/MB86965A based
663 Ethernet PC-Cards has been added back in the &man.fe.4;
664 driver. &merged;</para>
665
666 <para arch="alpha" role="historic">The &man.fpa.4; driver now supports Digital's
667 DEFPA FDDI adaptors on the Alpha. &merged;</para>
668
669 <para role="historic">The &man.fxp.4; driver now requires a <literal>device
670 miibus</literal> entry in the kernel configuration
671 file. &merged;</para>
672
673 <para role="historic">The &man.fxp.4; driver now contains a workaround for PCI
674 protocol violations caused by defects in some systems based on
675 the Intel ICH2/ICH2-M chip. The workaround is to rewrite the
676 EEPROM on the interface to disable Dynamic Standby Mode; once
677 the EEPROM is rewritten, the system needs to be rebooted for
678 the new settings to take effect. &merged;</para>
679
680 <para role="historic">The &man.fxp.4; driver now supports Intel's loadable
681 microcode to implement receive-side interrupt coalescing and
682 packet bundling, on NICs that support these features. This
683 support can be activated by the use of the
684 <option>link0</option> option to
685 &man.ifconfig.8;. &merged;</para>
686
687 <para arch="sparc64">The gem driver has been added to support
688 the Sun GEM Gigabit Ethernet and ERI Fast Ethernet
689 adapters.</para>
690
691 <para role="historic">The &man.gx.4; driver has been added to support NICs based
692 on the Intel 82542 and 82543 Gigabit Ethernet controller
693 chips. Both fiber and copper variants of the cards are
694 supported. Both boards support VLAN tagging/insertion, and
695 the 82543 additionally supports TCP/IP checksum
696 offload. &merged;</para>
697
698 <para arch="sparc64">The hme driver has been added to support
699 the Sun HME Fast Ethernet adapter, onboard on many Sun Ultra
700 series machines.</para>
701
702 <para role="historic">The &man.lge.4; driver has been added to support the Level
703 1 LXT1001 NetCellerator Gigabit Ethernet controller chip. This
704 device is used on some fiber optic GigE cards from SMC, D-Link
705 and Addtron. Jumbograms and TCP/IP checksum offload on
706 receive are supported, although hardware VLAN filtering is
707 not. &merged;</para>
708
709 <para role="historic">The my driver, which supports the Myson Fast Ethernet and
710 Gigabit Ethernet adapters, has been added. &merged;</para>
711
712 <para role="historic">Added the &man.nge.4; driver, which supports PCI Gigabit
713 Ethernet adapters based on the National Semiconductor DP83820
714 and DP83821 Gigabit Ethernet controller chips, including the
715 D-Link DGE-500T, SMC EZ Card 1000 (SMC9462TX), Asante
716 FriendlyNet GigaNIC 1000TA and 1000TPC and Addtron AEG320T.
717 This driver supports transmit and receive checksum
718 offloading. &merged;</para>
719
720 <para role="historic">The &man.pcn.4; driver, which supports the AMD PCnet/FAST,
721 PCnet/FAST+, PCnet/FAST III, PCnet/PRO, PCnet/Home, and
722 HomePNA adapters, has been added. Although these cards are
723 already supported by the &man.lnc.4; driver, the &man.pcn.4;
724 driver runs these chips in 32-bit mode and uses the RX
725 alignment feature to achieve zero-copy receive. This driver
726 is also machine-independent, so it will work on the i386,
727 pc98 and Alpha platforms. The &man.lnc.4; driver is still needed
728 to support non-PCI cards. &merged;</para>
729
730 <para role="historic">The &man.ray.4; driver, which supports the Webgear Aviator
731 wireless network cards, has been committed. The operation of
732 &man.ray.4; interfaces can be modified by
733 &man.raycontrol.8;. &merged;</para>
734
735 <para arch="i386" role="historic">The sbni driver, for supporting the Granch
736 SBNI12 series of ISA and PCI point-to-point communications
737 interfaces, has been added. The <filename
738 role="package">sysutils/sbniconfig</filename> port in the &os;
739 Ports Collection can be used for configuring these
740 devices. &merged;</para>
741
742 <para role="historic">Added support for PCI Ethernet adapters based on the SiS
743 900 and SiS 7016 Fast Ethernet controller chips (for example,
744 as seen on the SiS 635 and 735 motherboard chipsets), as well
745 as the National Semiconductor DP83815 chipset (including the
746 NetGear FA311-TX and FA312-TX) in the form of the &man.sis.4;
747 driver. This device has support for VLANs. &merged;</para>
748
749 <para arch="pc98" role="historic">The snc driver for the National Semiconductor
750 DP8393X (SONIC) Ethernet controller has been added.
751 Currently, this driver is only used on the PC-98
752 architecture. &merged;</para>
753
754 <para>The &man.stf.4; device is now clonable.</para>
755
756 <para role="historic">The &man.tap.4; driver, a virtual Ethernet device driver
757 for bridged configurations, has been added. This device is
758 clonable. &merged;</para>
759
760 <para role="historic">The &man.ti.4; driver now supports the Alteon AceNIC
761 1000baseT Gigabit Ethernet and Netgear GA620T 1000baseT
762 Gigabit cards. &merged;</para>
763
764 <para role="historic">The &man.ti.4; driver correctly masks VLAN tags. &merged;</para>
765
766 <para role="historic">The &man.txp.4; driver has been added to support NICs
767 based on the 3Com 3XP Typhoon/Sidewinder (3CR990)
768 chipset. &merged;</para>
769
770 <para role="historic">&man.vlan.4; devices are now loadable, unloadable, and
771 clonable. &merged;</para>
772
773 <para role="historic">The &man.wi.4; driver now has support for Prism II and
774 Prism 2.5-based NICs. 104/128-bit WEP now works on Prism
775 cards. &merged;</para>
776
777 <para role="historic">The &man.wi.4; driver now supports using a &os; host as
778 a wireless access point. This functionality can be enabled
779 using the <literal>mediaopt hostap</literal> option of
780 &man.ifconfig.8;. This feature requires a wireless
781 adapter based on the Prism II chipset. &merged;</para>
782
783 <para role="historic">The &man.wi.4; driver now has support for
784 <application>bsd-airtools</application>. &merged;</para>
785
786 <para role="historic">The xe driver can now be built as a
787 module. &merged;</para>
788
789 <para role="historic">The &man.xl.4; driver now supports the 3Com 3C556 and
790 3C556B MiniPCI adapters used on some laptops. &merged;</para>
791
792 <para role="historic">The &man.xl.4; driver now supports reception of VLAN
793 tagged frames (on the <quote>Cyclone</quote> or newer
794 chipsets). &merged;</para>
795
796 <para role="historic">The &man.xl.4; driver now supports send- and receive-side
797 TCP/IP checksum offloading for NICs implementing this feature,
798 such as the 3C905B, 3C905C, and 3C980C. &merged;</para>
799
800 <para role="historic">A bug in the &man.xl.4; driver, related to statistics
801 overflow interrupt handling, was causing slowdowns at medium
802 to high packet rates; this has been fixed. &merged;</para>
803
804 <para role="historic">The per-interface <varname>ifnet</varname> structure now
805 has the ability to indicate a set of capabilities supported by
806 a network interface, and which ones are enabled.
807 &man.ifconfig.8; has support for querying these
808 capabilities. &merged;</para>
809
810 <para role="historic">Performance with hosts having a large number of IP aliases
811 has been improved, by replacing the per-interface
812 <varname>if_inaddr</varname> linear list with a hash table. &merged;</para>
813
814 <para>Network devices now automatically appear as special files in
815 <filename>/dev/net</filename>. Interface hardware ioctls (not
816 protocol or routing) can be performed on these devices. The
817 <varname>SIOCGIFCONF</varname> ioctl may be performed on the
818 special <filename>/dev/network</filename> node.</para>
819
820 <para role="historic">Selected network drivers now implement a semi-polling
821 mode, which makes systems much more resilient to attacks and
822 overloads. To enable polling, the following options are
823 required in a kernel configuration file:
824
825 <programlisting>options DEVICE_POLLING
826options HZ=1000 # not compulsory but strongly recommended</programlisting>
827
828 The <varname>kern.polling.enable</varname> sysctl variable
829 will then activate polling mode; with the
830 <varname>kern.polling.user_frac</varname> sysctl indicating
831 the percentage of CPU time to be reserved for userland. The
832 devices initially supporting polling are &man.dc.4;,
833 &man.fxp.4;, &man.rl.4;, and &man.sis.4;. More details can be found in
834 the &man.polling.4; manual page. &merged;</para>
835
836 <para arch="i386,pc98" role="historic">The packet-forwarding performance of certain
837 network drivers (specifically &man.dc.4; and &man.sis.4;) has
838 been enhanced by the elimination of unnecessary buffer
839 copies. &merged;</para>
840 </sect3>
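Review bot: The em entry (lines 653-657) and the gx entry (lines 691-696) both claim the Intel 82542 and 82543 controllers, and neither says which driver a user should configure for those chips or how the two relate; add a sentence to one of them. In the polling entry, "will then activate polling mode; with the kern.polling.user_frac sysctl indicating" (lines 828-831) is a fragment after the semicolon and reads better as two sentences, and "much more resilient to attacks and overloads" (lines 821-822) would be more useful if it named the kind of attack meant. Spelling of "adaptors" (lines 595, 667) and "adapters" (elsewhere in the section) should be made consistent.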
841
842 <sect3>
843 <title>Network Protocols</title>
844
845 <para role="historic">&man.accept.filter.9;, a kernel feature to reduce
846 overheads when accepting and reading new connections on
847 listening sockets, has been added. &merged;</para>
848
849 <para role="historic">The <literal>proxy</literal> modifier to &man.arp.8;'s
850 <option>-d</option> option has been renamed to
851 <literal>pub</literal>, for consistency with the
852 <option>-s</option> option. The <literal>only</literal> keyword
853 has been added to the <option>-s</option> and
854 <option>-S</option> flags, to be used in creating
855 <quote>proxy-only</quote> published entries. &merged;</para>
856
857 <para role="historic">The read timeout feature of &man.bpf.4; now works more
858 correctly with &man.select.2;/&man.poll.2;, and therefore with
859 pthreads. &merged;</para>
860
861 <para role="historic">&man.bridge.4; and &man.dummynet.4; have received some
862 enhancements and bug fixes, and are now loadable
863 modules. &merged;</para>
864
865 <para role="historic">&man.bridge.4; now has better support for multiple,
866 fully-independent bridging clusters, and is much more stable
867 in the presence of dynamic attachments and detatchments. Full
868 support for VLANs is also supported. &merged;</para>
869
870 <para>ICMP ECHO and TSTAMP replies are now rate limited. TCP
871 RSTs generated due to packets sent to open and unopen ports
872 are now limited by separate counters. Each rate limiting
873 queue now has its own description.</para>
874
875 <para role="historic">ICMP <literal>UNREACH_FILTER_PROHIB</literal> messages can
876 now RST TCP connections in the <literal>SYN_SENT</literal>
877 state if the correct sequence numbers are sent back, as
878 controlled by the
879 <varname>net.inet.tcp.icmp_may_rst</varname> sysctl. &merged;</para>
880
881 <para>IP multicast now works on VLAN devices. Several other
882 bugs in the VLAN code have also been fixed.</para>
883
884 <para role="historic">A bug in the IPsec processing for IPv4, which caused the
885 inbound SPD checks to be ignored, has been fixed. &merged;</para>
886
887 <para role="historic">&man.ipfw.4; now filters correctly in the presence of ECN
888 bits in TCP segments. &merged;</para>
889
890 <para role="historic">A new ng_eiface netgraph module has been added, which
891 appears as an Ethernet interface but delivers its Ethernet
892 frames to a Netgraph hook. &merged;</para>
893
894 <para role="historic">A new &man.ng.etf.4; netgraph node allows Ethernet type
895 packets to be filtered to different hooks depending on
896 ethertype. &merged;</para>
897
898 <para>The &man.ng.gif.4; and &man.ng.gif.demux.4; netgraph
899 nodes, for operating on &man.gif.4; devices, have been
900 added.</para>
901
902 <para>The &man.ng.ip.input.4; netgraph node, for queueing IP
903 packets into the main IP input processing code, has been
904 added.</para>
905
906 <para role="historic">The &man.ng.mppc.4; and &man.ng.bridge.4; node types have
907 been added to the &man.netgraph.4; subsystem. The
908 &man.ng.ether.4; node is now dynamically loadable.
909 Miscellaneous bug fixes and enhancements have also been
910 made. &merged;</para>
911
912 <para role="historic">A new netgraph node type &man.ng.one2many.4; for
913 multiplexing and demultiplexing packets over multiple links
914 has been added. &merged;</para>
915
916 <para>A new ng_split node type has been added for splitting a
917 bidirectional packet flow into two unidirectional flows.</para>
918
919 <para role="historic">A new sysctl
920 <varname>net.inet.ip.check_interface</varname>, which is on by
921 default, causes IP to verify that an incoming packet arrives
922 on an interface that has an address matching the packet's
923 destination address. &merged;</para>
924
925 <para role="historic">A new sysctl
926 <varname>net.link.ether.inet.log_arp_wrong_iface</varname> has
927 been added to control the suppression of logging when ARP
928 replies arrive on the wrong interface. &merged;</para>
929
930 <para role="historic">A new <literal>options RANDOM_IP_ID</literal> kernel
931 option causes the ID field of IP packets to be randomized.
932 This closes a minor information leak which allows a remote
933 observer to determine the rate at which the machine is
934 generating packets, since the default behavior is to increment
935 a counter for each packet sent. &merged;</para>
936
937 <para arch="alpha">SLIP has been removed from the
938 <filename>mfsroot</filename> floppy image.</para>
939
940 <para role="historic">TCP has received some bug fixes for its delayed ACK
941 behavior. &merged;</para>
942
943 <para role="historic">TCP now supports the NewReno modification to the TCP Fast
944 Recovery algorithm. This behavior can be controlled via the
945 <varname>net.inet.tcp.newreno</varname> sysctl
946 variable. &merged;</para>
947
948 <para role="historic">TCP now uses a more aggressive timeout for initial SYN
949 segments; this allows initial connection attempts to be
950 dropped much faster. &merged;</para>
951
952 <para role="historic">The <literal>TCP_COMPAT_42</literal> kernel option has
953 been removed. &merged;</para>
954
955 <para role="historic">The <literal>TCP_RESTRICT_RST</literal> kernel option has
956 been removed. Similar functionality can be achieved with the
957 <varname>net.inet.tcp.blackhole</varname> sysctl
958 variable. &merged;</para>
959
960 <para role="historic">TCP now has RFC 1323 extensions enabled by default in
961 &man.rc.conf.5;. &merged;</para>
962
963 <para role="historic">RFC 1323 and RFC 1644 TCP extensions are now disabled for
964 a connection in progress if no response has been received by
965 the third SYN segment sent. This behavior tries to work
966 around (very old) terminal servers with buggy VJ header
967 compression implementations. &merged;</para>
968
969 <para role="historic">The TCP implementation no longer requires the allocation
970 of a TCP template structure for each connection; this should
971 reduce the buffer usage on large systems handling many
972 connections. &merged;</para>
973
974 <para role="historic">TCP's default buffer sizes, controlled by the
975 <varname>net.inet.tcp.sendspace</varname> and
976 <varname>net.inet.tcp.recvspace</varname> sysctl variables,
977 have been increased to 32K and 64K respectively. Previously,
978 the default for both buffer sizes was 16K. To try to avoid
979 increasing congestion, the default value for
980 <varname>net.inet.tcp.local_slowstart_flightsize</varname> has
981 been changed from infinity to 4. &merged;
982
983 <note>
984 <para>On busy hosts, the new larger buffer sizes may require
985 manually increasing the
986 <varname>NMBCLUSTERS</varname> parameter, either in the
987 kernel configuration file or via the
988 <varname>kern.ipc.nmbclusters</varname> loader tunable.
989 <command>netstat -mb</command> can be used to monitor the
990 state of mbuf clusters.</para>
991 </note>
992 </para>
993
994 <para role="historic">TCP now supports RFC 1948 (Defending Against Sequence
995 Number Attacks). The
996 <varname>net.inet.tcp.isn_reseed_interval</varname> sysctl
997 variable controls the reseeding of the secret data used in
998 the RFC 1948 initial sequence number calculations. &merged;</para>
999
1000 <para role="historic">The TCP implementation in &os; now implements a cache of
1001 outstanding, received SYN segments. Incoming SYN segments now
1002 cause entries to be placed in the cache until the TCP
1003 three-way handshake is complete, at which point, memory is
1004 allocated for the connection as usual. In addition, all TCP
1005 Initial Sequence Numbers (ISNs) are used as cookies, allowing
1006 entries in the cache to be dropped, but still have their
1007 corresponding ACKs accepted later. The combination of the
1008 so-called
1009 <quote>syncache</quote> and <quote>syncookies</quote> features
1010 makes a host much more resistant to TCP-based Denial of
1011 Service attacks. Work on this feature was sponsored by DARPA
1012 and NAI Labs. &merged;</para>
1013
1014 <para role="historic">A bug in the TCP implementation, which could cause
1015 connections to stall if a sender saw a zero-sized window, has
1016 been corrected. &merged;</para>
1017
1018 <para role="historic">The TCP implementation now properly ignores packets
1019 addressed to IP-layer broadcast addresses. &merged;</para>
1020
1021 <para>The ephemeral port range used for TCP and UDP has been
1022 changed to 49152&ndash;65535 (the old default was
1023 1024&ndash;5000). This increases the number of concurrent
1024 outgoing connections/streams.</para>
1025 </sect3>
1026
1027 <sect3>
1028 <title>Disks and Storage</title>
1029
1030 <para arch="i386" role="historic">Support for the Adaptec FSA family of PCI-SCSI
1031 RAID controllers has been added, in the form of the
1032 &man.aac.4; driver. This driver includes proper handling of
1033 commands initiated by the adapter, addition/removal of disk
1034 devices, crashdump functionality, and &man.ioctl.2; commands
1035 necessary for the management CLI, and is fully qualified and
1036 sanctioned by Adaptec. &merged;</para>
1037
1038 <para role="historic">The &man.ahc.4; driver has received numerous updates,
1039 bugfixes, and enhancements. Among various improvements are
1040 improved compatibility with chips in <quote>RAID Port</quote>
1041 mode and systems with AAA and/or ARO cards installed, as well
1042 as performance improvements. Some bugs were also fixed,
1043 including a rare hang on Ultra2/U160
1044 controllers. &merged;</para>
1045
1046 <para arch="i386" role="historic">The &man.asr.4; driver, which provides support
1047 for the Adaptec SCSI RAID controller family, as well as the
1048 DPT SmartRAID V and VI families, has been
1049 added. &merged;</para>
1050
1051 <para arch="i386" role="historic">The &man.asr.4; driver now supports the
1052 Adaptec 2000S and 2005S Zero-Channel RAID
1053 controllers. &merged;</para>
1054
1055 <para role="historic">The &man.ata.4; driver now has support for ATA100
1056 controllers. In addition, it now supports the ServerWorks
1057 ROSB4 ATA33 chipset, the CMD 648 ATA66 and CMD 649 ATA100
1058 chipsets, and the Cyrix 5530. &merged;</para>
1059
1060 <para role="historic">To provide more flexible configuration, the various
1061 options for the &man.ata.4; driver are now boot loader
1062 tunables, rather than kernel configure-time
1063 options. &merged;</para>
1064
1065 <para role="historic">The &man.ata.4; driver now has support for tagged queuing,
1066 which is enabled by the <varname>hw.ata.tags</varname> loader
1067 tunable. &merged;</para>
1068
1069 <para role="historic">The &man.ata.4; driver now has support for ATA
1070 <quote>pseudo</quote> RAID controllers as the Promise Fasttrak
1071 and HighPoint HPT370 controllers. &merged;</para>
1072
1073 <para role="historic">The &man.ata.4; driver now supports a wider variety of SiS
1074 chipsets, as listed in the Hardware Notes. &merged;</para>
1075
1076 <para role="historic">The &man.ata.4; driver now has support for creating,
1077 deleting, querying, and rebuilding ATA RAIDs under control of
1078 &man.atacontrol.8;. &merged;</para>
1079
1080 <para role="historic">The BurnProof(TM) feature, for applicable ATAPI CD-ROM
1081 burners, is now supported. &merged;</para>
1082
1083 <para role="historic">The &man.ata.4; driver now has support for 48-bit
1084 addressing. Devices larger than 137GB are now
1085 supported. &merged;</para>
1086
1087 <para role="historic">The &man.ata.4; driver now contains fixes for some data
1088 corruption problems on systems using the VIA 82C686B
1089 Southbridge chip. &merged;</para>
1090
1091 <para role="historic">The &man.cd.4; driver now has support for write
1092 operations. This allows writing to DVD-RAM, PD and similar
1093 drives that probe as CD devices. Note that change affects
1094 only random-access writeable devices, not sequential-only
1095 writeable devices such as CD-R drives, which are supported by
1096 &man.cdrecord.1; (a part of
1097 <filename role="package">sysutils/cdrtools</filename> in the
1098 Ports Collection. &merged;</para>
1099
1100 <para arch="i386" role="historic">The ciss driver, for devices utilizing the
1101 Common Interface for SCSI-3 Support, has been added. This
1102 driver supports the Compaq SmartRAID 5* family of RAID
1103 controllers (5300, 532, 5i). &merged;</para>
1104
1105 <para>The &man.fdc.4; floppy disk has undergone a number of
1106 enhancements. Density selection for common settings is now
1107 automatic; the driver is also much more flexible in setting
1108 the densities of various subdevices.</para>
1109
1110 <para>The &man.geom.4; disk I/O request transformation framework
1111 has been added; this extensible framework is designed to
1112 support a wide variety of operations on I/O requests on their
1113 way from the upper kernel to the device drivers.</para>
1114
1115 <para role="historic">The ida disk driver now has crashdump
1116 support. &merged;</para>
1117
1118 <para arch="i386" role="historic">The iir driver has been added to support the
1119 Intel Integrated RAID controllers, as well as prior ICP Vortex
1120 controllers.</para>
1121
1122 <para arch="alpha" role="historic">A bug that made certain CDROM drives fail to
1123 attach when connected to a SCSI card driven by &man.isp.4; has
1124 been fixed. &merged;</para>
1125
1126 <para>The &man.isp.4; driver is now proactive about discovering
1127 Fibre Channel topology changes.</para>
1128
1129 <para>The &man.isp.4; driver now supports target mode for Qlogic
1130 SCSI cards, including Ultra2 and Ultra3 and dual bus
1131 cards.</para>
1132
1133 <para role="historic">The &man.isp.4; driver now supports the Qlogic 2300 and
1134 2312 Optical Fibre Channel PCI cards. &merged;</para>
1135
1136 <para>&man.md.4;, the memory disk device, has had the
1137 functionality of &man.vn.4; incorporated into it. &man.md.4;
1138 devices can now be configured by &man.mdconfig.8;. &man.vn.4;
1139 has been removed. The Memory Filesystem (MFS) has also been
1140 removed.</para>
1141
1142 <para arch="i386" role="historic">The &man.mly.4; driver, for Mylex PCI to SCSI
1143 AccelRAID and eXtremeRAID controllers with firmware 6.X and
1144 later, has been added. &merged;</para>
1145
1146 <para arch="i386,pc98" role="historic">The ncv, nsp, and stg drivers have been ported
1147 from NetBSD/pc98. They support the NCR 53C50 / Workbit Ninja
1148 SCSI-3 / TMC 18C30, 18C50 based PC-Card/ISA SCSI controllers.
1149 All three drivers can be built and loaded as
1150 modules. &merged;</para>
1151
1152 <para arch="powerpc">The ofw driver, a basic OpenFirmware disk
1153 driver, has been added.</para>
1154
1155 <para>Some problems in &man.sa.4; error handling have been
1156 fixed, including the <quote>tape drive spinning indefinitely
1157 upon &man.mt.1; <option>stat</option></quote> problem.</para>
1158
1159 <para arch="i386" role="historic">The &man.twe.4; 3ware ATA RAID driver has
1160 added. &merged;</para>
1161
1162 <para role="historic">The &man.wd.4; compatibility devices were removed from the
1163 &man.ata.4; driver. &merged;</para>
1164 </sect3>
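Review bot: the parenthesis opened at line 1096, "(a part of", is never closed; line 1098 ends "Ports Collection. &merged;</para>" and should read "Ports Collection). &merged;</para>". In the same section, line 1093 reads "Note that change affects" (missing "this"), line 1105 says "The &man.fdc.4; floppy disk has undergone" although the next sentence talks about "the driver", and lines 1159-1160 read "driver has added" (missing "been"). The iir entry at 1118-1120 is marked role="historic" but, unlike its neighbours, carries no &merged;; please confirm that is intended.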
1165
1166 <sect3>
1167 <title>Filesystems</title>
1168
1169 <para>Support for named extended attributes was added to the
1170 &os; kernel. This allows the kernel, and appropriately
1171 privileged userland processes, to tag files and directories
1172 with attribute data. Extended attributes were added to
1173 support the TrustedBSD Project, in particular ACLs, capability
1174 data, and mandatory access control labels (see
1175 <filename>/usr/src/sys/ufs/ufs/README.extattr</filename> for
1176 details).</para>
1177
1178 <para role="historic">Due to a licensing change, softupdates have been
1179 integrated into the main portion of the kernel source tree.
1180 As a consequence, softupdates are now available with the
1181 <filename>GENERIC</filename> kernel. &merged;</para>
1182
1183 <para>A filesystem snapshot capability has been added to FFS.
1184 Details can be found in
1185 <filename>/usr/src/sys/ufs/ffs/README.snapshot</filename>.</para>
1186
1187<!-- The following note needs to be made more specific or eliminated. -->
1188 <para>Softupdates for FFS have received some bug fixes and
1189 enhancements.</para>
1190
1191 <para>When running with softupdates, &man.statfs.2; and
1192 &man.df.1; will track the number of blocks and files that are
1193 committed to being freed.</para>
1194
1195 <para role="historic">A bug in FFS that could cause superblock corruption on
1196 very large filesystems has been corrected. &merged;</para>
1197
1198 <para role="historic">The ISO-9660 filesystem now has a hook that supports a
1199 loadable character conversion routine. The
1200 <filename role="package">sysutils/cd9660_unicode</filename>
1201 port contains a set of common conversions. &merged;</para>
1202
1203 <para>&man.kernfs.5; is obsolete and has been retired.</para>
1204
1205 <para role="historic">A bug in the NFS client that caused bogus access times with
1206 <literal>O_EXCL|O_CREAT</literal> opens was
1207 fixed. &merged;</para>
1208
1209 <para role="historic">A new NFS hash function (based on the Fowler/Noll/Vo hash
1210 algorithm) has been implemented to improve NFS performance by
1211 increasing the efficiency of the <varname>nfsnode</varname>
1212 hash tables. &merged;</para>
1213
1214 <para>Client-side NFS locks have been implemented.</para>
1215
1216 <para>The client-side and server-side of the NFS code in the
1217 kernel used to be intertwined in various complex ways. They
1218 have been split apart for ease of maintenance and further
1219 development.</para>
1220
1221 <para>Support for filesystem Access Control Lists (ACLs) has
1222 been introduced, allowing more fine-grained control of
1223 discretionary access control on files and directories. This
1224 support was integrated from the TrustedBSD Project. More
1225 details can be found in
1226 <filename>/usr/src/sys/ufs/ufs/README.acls</filename>.</para>
1227
1228 <para role="historic">The directory layout preference algorithm for FFS
1229 (<literal>dirprefs</literal>) has been changed. Rather than
1230 scattering directory blocks across a disk, it attempts to
1231 group related directory blocks together. Operations
1232 traversing large directory hierarchies, such as the &os; Ports
1233 tree, have shown marked speedups. This change is transparent
1234 and automatic for new directories. &merged;</para>
1235
1236 <para arch="i386,pc98" role="historic">smbfs (CIFS) support in kernel has been added.
1237 The userland programs &man.smbutil.1; and &man.mount.smbfs.8;
1238 can be used to work with SMB shares. Note that
1239 &man.mount.smbfs.8; will automatically load the
1240 <filename>smbfs.ko</filename> module into the kernel, even if
1241 <literal>LIBMCHAIN</literal> and
1242 <literal>LIBICONV</literal> were not compiled into the kernel.
1243 &merged;</para>
1244
1245 <para>For consistency, the fdesc, fifo, null, msdos, portal,
1246 umap, and union filesystems have been renamed to fdescfs,
1247 fifofs, msdosfs, nullfs, portalfs, umapfs, and unionfs. Where
1248 applicable, modules and mount_* programs have been renamed.
1249 Compatibility <quote>glue</quote> has been added to
1250 &man.mount.8; so that <literal>msdos</literal> filesystem
1251 entries in &man.fstab.5; will work without changes.</para>
1252
1253 <para>pseudofs, a pseudo-filesystem framework, has been added.
1254 &man.linprocfs.5; and &man.procfs.5; have been modified to use
1255 pseudofs.</para>
1256
1257 <para role="historic">A simple hash-based lookup optimization for large
1258 directories called <literal>dirhash</literal> has been added.
1259 Conditional on the
1260 <literal>UFS_DIRHASH</literal> kernel option (enabled by
1261 default in the <filename>GENERIC</filename> kernel), it
1262 improves the speed of operations on very large directories at
1263 the expense of some memory. &merged;</para>
1264
1265 <para role="historic">The virtual memory subsystem now backs UFS directory
1266 memory requirements by default (this behavior is controlled
1267 via the <varname>vfs.vmiodirenable</varname> sysctl
1268 variable). &merged;</para>
1269
1270 <para role="historic">A bug that prevented the root filesystem from being
1271 mounted from a SCSI CDROM has been fixed (ATAPI CDROMs were
1272 always supported). &merged;</para>
1273
1274 <para role="historic">A number of bugs in the filesystem code, discovered
1275 through the use of the <application>fsx</application>
1276 filesystem test tool, have been fixed. Under certain
1277 circumstances (primarily related to use of NFS), these bugs
1278 could cause data corruption or kernel panics. &merged;</para>
1279
1280 <para>Network filesystems (such as NFS and smbfs filesystems)
1281 listed in <filename>/etc/fstab</filename> can now be properly
1282 mounted during startup initialization; their mounts are
1283 deferred until after the network is initialized.</para>
1284
1285 <para>Read-only support for the Universal Disk Format (UDF) has
1286 been added. This format is used on packet-written CD-RWs and
1287 most commercial DVD-Video disks. The &man.mount.udf.8;
1288 command can be used to mount these disks.</para>
1289 </sect3>
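Review bot: in the rename paragraph at lines 1245-1247 the two lists are not in the same order. The old names run "null, msdos" while the new names run "msdosfs, nullfs", so a reader pairing them by position gets the wrong mapping; reorder one list so the entries line up. Separately, the comment at line 1187 ("needs to be made more specific or eliminated") is still in place above the softupdates entry at 1188-1189, and that entry still says only "some bug fixes and enhancements".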
1290
1291 <sect3>
1292 <title>PCCARD Support</title>
1293
1294 <para arch="i386,pc98" role="historic">The pccard driver and &man.pccardc.8; now
1295 support multiple <quote>beep types</quote> upon card insertion
1296 and removal. &merged;</para>
1297
1298 <para role="historic">On many modern hosts, PCCARD devices can be configured to
1299 route their interrupts via either the ISA or PCI interrupt
1300 paths. The &man.pcic.4; driver has been updated to support
1301 both interrupt paths (formerly, only routing via ISA was
1302 supported). &merged; In most cases, configuration of PCMCIA
1303 devices in laptops is simpler and more flexible. In addition,
1304 various Cardbus bridge PCI cards (such as those used by
1305 Orinoco PCI NICs) are now supported. Some hosts may
1306 experience problems, such as hangs or panics, with PCI
1307 interrupt routing; they can frequently be made to work by
1308 forcing the older-style ISA interrupt routing. The following
1309 lines, placed in <filename>/boot/loader.conf</filename>, may
1310 fix the problem:</para>
1311
1312 <programlisting role="historic">hw.pcic.intr_path="1"
1313 hw.pcic.irq="0"</programlisting>
1314
1315 <para role="historic">When installing &os; on such a system, typing the
1316 following lines to the boot loader may be helpful in starting
1317 up &os; for the first time:<para>
1318
1319 <screen role="historic"><prompt>ok</prompt> <userinput>set hw.pcic.intr_path="1"</userinput>
1320<prompt>ok</prompt> <userinput>set hw.pcic.irq="0"</userinput></screen>
1321
1322 <para arch="i386">Preliminary Cardbus support under NEWCARD has
1323 been added. This code supports the TI113X, TI12XX, TI125X,
1324 Ricoh 5C46/5C47, Topic 95/97/100 and Cirrus Logic PD683X
1325 bridges. 16-bit PC Card support is not yet functional.</para>
1326 </sect3>
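Review bot: line 1317 ends with "for the first time:<para>", which opens a second paragraph instead of closing the one started at line 1315. It should be "</para>"; as written, the <screen> at 1319-1320 and the Cardbus paragraph after it sit inside an element that is never closed. Also note that the &merged; at line 1302 falls in the middle of the pcic paragraph rather than at its end, so it is unclear whether the sentences after it are meant to be covered.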
1327
1328 <sect3>
1329 <title>Multimedia Support</title>
1330
1331 <para arch="i386" role="historic">The &man.pcm.4; driver now supports the ESS
1332 Solo 1, Maestro-1, Maestro-2, and Maestro-2e; Forte Media
1333 fm801, ESS Maestro-2e, and VIA Technologies VT82C686A sound
1334 card/chipsets, and has received some other updates. Separate
1335 drivers for the SoundBlaster 8 and SoundBlaster 16 now replace
1336 an older, unified driver. A driver for the CMedia
1337 CMI8338/CMI8738 sound chips has been added. A driver for the
1338 CS4281 sound chip has been added. A driver for the S3
1339 SonicVibes chipset has been added. &merged;</para>
1340
1341 <para arch="i386" role="historic">A driver for the Avance Logic ALS4000 has been
1342 added. &merged;</para>
1343
1344 <para arch="i386" role="historic">A driver for the ESS Maestro-3/Allegro has
1345 been added, however due to licensing restrictions, it cannot
1346 be compiled into the kernel. &merged; To use this driver, add
1347 the following line to
1348 <filename>/boot/loader.conf</filename>:</para>
1349
1350 <programlisting role="historic">snd_maestro3_load="YES"</programlisting>
1351
1352 <para role="historic">The &man.bktr.4; driver has been updated to 2.18. This
1353 update provides a number of new features. New tuner types
1354 have been added, and improvements to the KLD module and to
1355 memory allocation have been made. Bugs in &man.devfs.5; when
1356 unloading and reloading have been fixed. Support for new
1357 Hauppauge Model 44xxx WinTV Cards (the ones with no audio mux)
1358 has been added. &merged;</para>
1359
1360 <para arch="i386,pc98" role="historic">The ufm driver, supporting the D-Link DSB-R100
1361 USB Radio, has been added. &merged;</para>
1362
1363 <para role="historic">When sound modules are built, one can now load all the
1364 drivers and infrastructure by <command>kldload
1365 snd</command>. &merged;</para>
1366
1367 <para>A new API has been added for sound cards with hardware
1368 volume control.</para>
1369
1370 <para arch="i386" role="historic">A driver for the Intel 443MX, 810, 815, and
1371 815E integrated sound devices has been added. &merged;</para>
1372
1373 <para arch="i386" role="historic">The via82c686 sound driver now supports the VIA
1374 VT8233. &merged;</para>
1375
1376 <para arch="i386" role="historic">The ich sound driver now support the SiS
1377 7012 chipset. &merged;</para>
1378
1379 <para arch="i386">Drivers have been added to support the Direct
1380 Rendering Infrastructure, which can used to provide 3D
1381 acceleration within <application>XFree86</application>. Video
1382 cards supported include the 3Dlabs Oxygen GMX 2000 (gammadrm),
1383 AGP Matrox G200/G400/G450/G550 (mgadrm), 3dfx Voodoo
1384 3/4/5/Banshee (tdfxdrm), AGI ATI Rage 128 (r128drm), and AGP
1385 ATI Radeon (radeondrm).</para>
1386
1387 </sect3>
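Review bot: the pcm entry at lines 1331-1333 lists "Maestro-2e" twice, once in "Maestro-1, Maestro-2, and Maestro-2e" and again as "ESS Maestro-2e" after the Forte Media fm801; drop the second mention and check the semicolon grouping of that list. Smaller points in the same section: line 1376 has "now support" (should be "supports"), line 1380 has "which can used" (missing "be"), and line 1384 reads "AGI ATI Rage 128" next to "AGP ATI Radeon" and "AGP Matrox", which looks like a typo for "AGP" and should be confirmed.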
1388
1389 <sect3>
1390 <title>Contributed Software</title>
1391
1392 <para>The Forth Inspired Command Language
1393 (<application>FICL</application>) used in the boot loader has
1394 been updated to 3.02.</para>
1395
1396 <para>Support for Advanced Configuration and Power Interface
1397 (ACPI), a multi-vendor standard for configuration and power
1398 management, has been added. This functionality has been
1399 provided by the <application>Intel ACPI Component
1400 Architecture</application> project, as of the ACPI CA 20020308
1401 snapshot. Some backward compatability for applications using
1402 the older APM standard has been provided.</para>
1403
1404 <sect4>
1405 <title>IPFilter</title>
1406
1407 <para><application>IPFilter</application> has been updated to
1408 3.4.28.</para>
1409
1410 <para role="historic"><application>IPFilter</application> now supports
1411 IPv6. &merged;</para>
1412
1413 </sect4>
1414
1415 <sect4 arch="i386">
1416 <title>isdn4bsd</title>
1417
1418 <para><application>isdn4bsd</application> has been updated to
1419 version 1.0.2.</para>
1420
1421 <para role="historic">The &man.ifpi.4; driver for supporting the AVM
1422 Fritz!Card PCI controller has been added. &merged;</para>
1423
1424 <para role="historic">The &man.ifpi2.4; driver for supporting the AVM
1425 Fritz!Card PCI version 2 controller has been added. &merged;</para>
1426
1427 <para role="historic">The &man.ihfc.4; driver for supporting Cologne Chip
1428 Designs HFC devices under
1429 <application>isdn4bsd</application> has been
1430 added. &merged;</para>
1431
1432 <para role="historic">The &man.itjc.4; driver for supporting NETjet-S / Teles
1433 PCI-TJ devices under <application>isdn4bsd</application> has
1434 been added. &merged;</para>
1435
1436 <para role="historic">Experimental support for the Eicon.Diehl DIVA 2.0 and
1437 2.02 ISA PnP ISDN cards has been added to the &man.isic.4;
1438 <application>isdn4bsd</application> driver. &merged;</para>
1439
1440 <para role="historic">The &man.isic.4; driver now supports the Compaq Microcom
1441 610 ISDN ISA PnP card. &merged;</para>
1442
1443 <para role="historic">Active CAPI-based ISDN cards manufactured by AVM are now
1444 supported using the &man.i4bcapi.4; and the &man.iavc.4;
1445 driver. The supported cards are the AVM B1 PCI and AVM B1
1446 ISA Basic Rate cards and the AVM T1 Primary Rate
1447 cards. &merged;</para>
1448
1449 <para role="historic">A new <literal>maxconnecttime</literal> keyword is now
1450 accepted in &man.isdnd.rc.5; files to limit the time a
1451 connection may remain open. &merged;</para>
1452
1453 <para role="historic">&man.isdnphone.8; now supports a <option>-k</option>
1454 option for sending messages via the keypad facility to a PBX
1455 or exchange office. &merged;</para>
1456
1457 <para><application>isdn4bsd</application> now supports Q.931
1458 subaddressing.</para>
1459
1460 </sect4>
1461
1462 <sect4 id="kame-kernel">
1463 <title>KAME</title>
1464
1465 <para role="historic">The IPv6 stack is now based on a snapshot based on the
1466 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
1467 the items listed in this section are a result of this
1468 import. <xref linkend="kame-userland"> lists userland
1469 updates to the KAME IPv6 stack. &merged;</para>
1470
1471 <para role="historic">&man.gif.4; is now based on RFC 2893, rather than RFC
1472 1933. The <literal>IFF_LINK2</literal> interface flag can
1473 be used to control ingress filtering. &merged;</para>
1474
1475 <para role="historic"><application>IPsec</application> has received some
1476 enhancements, including the ability to use the Rijndael and
1477 SHA2 algorithms. IPsec RC5 support has been removed due to
1478 patent issues. &merged;</para>
1479
1480 <para role="historic">&man.stf.4; now conforms to RFC 3056; the
1481 <literal>IFF_LINK2</literal> interface flag can be used to
1482 control ingress filtering. &merged;</para>
1483
1484 <para role="historic">IPv6 has better checking of illegal addresses (such as
1485 loopback addresses) on physical networks. &merged;</para>
1486
1487 <para role="historic">The <varname>IPV6_V6ONLY</varname> socket option is now
1488 completely supported. The kernel's default behavior with
1489 respect to this option is controlled by the
1490 <varname>net.inet6.ip6.v6only</varname> sysctl
1491 variable. &merged;</para>
1492
1493 <para role="historic">RFC 3041 (Privacy Extensions for Stateless Address
1494 Autoconfiguration) is now supported. It can be enabled via
1495 the <varname>net.inet6.ip6.use_tempaddr</varname> sysctl
1496 variable. &merged;</para>
1497 </sect4>
1498 </sect3>
1499 </sect2>
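Review bot: line 1401 misspells "compatibility" as "compatability". In the KAME entry at lines 1465-1466, "is now based on a snapshot based on the KAME Project's IPv6 snapshot" repeats itself; "is now based on the KAME Project's IPv6 snapshot as of 28 May, 2001" says the same thing once.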
1500
1501 <sect2 id="security">
1502 <title>Security-Related Changes</title>
1503
1504 <para role="historic">&man.sysinstall.8; now allows the user to select one of two
1505 <quote>security profiles</quote> at install-time. These
1506 profiles enable different levels of system security by enabling
1507 or disabling various system services in &man.rc.conf.5; on new
1508 installs. &merged;</para>
1509
1510 <para>A bug in which malformed ELF executable images can hang the
1511 system has been fixed (see security advisory
1512 FreeBSD-SA-00:41). &merged;</para>
1513
1514 <para>A security hole in Linux emulation was fixed (see security
1515 advisory FreeBSD-SA-00:42). &merged;</para>
1516
1517 <para role="historic">String-handling library calls in many programs were fixed to
1518 reduce the possibility of buffer overflow-related exploits.
1519 &merged;</para>
1520
1521 <para>TCP now uses stronger randomness in choosing its initial
1522 sequence numbers (see security advisory
1523 FreeBSD-SA-00:52). &merged;</para>
1524
1525 <para>Several buffer overflows in &man.tcpdump.1; were corrected
1526 (see security advisory FreeBSD-SA-00:61). &merged;</para>
1527
1528 <para>A security hole in &man.top.1; was corrected (see security
1529 advisory FreeBSD-SA-00:62). &merged;</para>
1530
1531 <para>A potential security hole caused by an off-by-one-error in
1532 &man.gethostbyname.3; has been fixed (see security advisory
1533 FreeBSD-SA-00:63). &merged;</para>
1534
1535 <para>A potential buffer overflow in the &man.ncurses.3; library,
1536 which could cause arbitrary code to be run from within
1537 &man.systat.1;, has been corrected (see security advisory
1538 FreeBSD-SA-00:68). &merged;</para>
1539
1540 <para>A vulnerability in &man.telnetd.8; that could cause it to
1541 consume large amounts of server resources has been fixed (see
1542 security advisory FreeBSD-SA-00:69). &merged;</para>
1543
1544 <para>The <literal>nat deny_incoming</literal> command in
1545 &man.ppp.8; now works correctly (see security advisory
1546 FreeBSD-SA-00:70). &merged;</para>
1547
1548 <para>A vulnerability in &man.csh.1;/&man.tcsh.1; temporary files
1549 that could allow overwriting of arbitrary user-writable files
1550 has been closed (see security advisory
1551 FreeBSD-SA-00:76). &merged;</para>
1552
1553 <para role="historic">The &man.ssh.1; binary is no longer SUID root by
1554 default. &merged;</para>
1555
1556 <para role="historic">Some fixes were applied to the Kerberos IV implementation
1557 related to environment variables, a possible buffer overrun, and
1558 overwriting ticket files. &merged;</para>
1559
1560 <para role="historic">&man.telnet.1; now does a better job of sanitizing its
1561 environment. &merged;</para>
1562
1563 <para>Several vulnerabilities in &man.procfs.5; were fixed (see
1564 security advisory FreeBSD-SA-00:77). &merged;</para>
1565
1566 <para>A bug in <application>OpenSSH</application> in which a
1567 server was unable to disable &man.ssh-agent.1; or
1568 <literal>X11Forwarding</literal> was fixed (see security
1569 advisory FreeBSD-SA-01:01). &merged;</para>
1570
1571 <para>A bug in &man.ipfw.8; and &man.ip6fw.8; in which inbound TCP
1572 segments could incorrectly be treated as being part of an
1573 <literal>established</literal> connection has been fixed (see
1574 security advisory FreeBSD-SA-01:08). &merged;</para>
1575
1576 <para>A bug in &man.crontab.1; that could allow users to read any
1577 file on the system in valid &man.crontab.5; syntax has been
1578 fixed (see security advisory FreeBSD-SA-01:09). &merged;</para>
1579
1580 <para>A vulnerability in &man.inetd.8; that could allow
1581 read-access to the initial 16 bytes of
1582 <groupname>wheel</groupname>-accessible files has been fixed
1583 (see security advisory FreeBSD-SA-01:11). &merged;</para>
1584
1585 <para>A bug in &man.periodic.8; that used insecure temporary files
1586 has been corrected (see security advisory
1587 FreeBSD-SA-01:12). &merged;</para>
1588
1589 <para><application>OpenSSH</application> now has code to prevent
1590 (instead of just mitigating through connection limits) an attack
1591 that can lead to guessing the server key (not host key) by
1592 regenerating the server key when an RSA failure is detected (see
1593 security advisory FreeBSD-SA-01:24). &merged;</para>
1594
1595 <para role="historic">A number of programs have had output formatting strings
1596 corrected so as to reduce the risk of
1597 vulnerabilities. &merged;</para>
1598
1599 <para role="historic">A number of programs that use temporary files now do so more
1600 securely. &merged;</para>
1601
1602 <para role="historic">A bug in ICMP that could cause an attacker to disrupt TCP and UDP
1603 <quote>sessions</quote> has been corrected. &merged;</para>
1604
1605 <para>A bug in &man.timed.8;, which caused it to crash if send
1606 certain malformed packets, has been corrected (see security
1607 advisory FreeBSD-SA-01:28). &merged;</para>
1608
1609 <para>A bug in &man.rwhod.8;, which caused it to crash if send
1610 certain malformed packets, has been corrected (see security
1611 advisory FreeBSD-SA-01:29). &merged;</para>
1612
1613 <para>A security hole in &os;'s FFS and EXT2FS implementations,
1614 which allowed a race condition that could cause users to have
1615 unauthorized access to data, has been fixed (see security
1616 advisory FreeBSD-SA-01:30). &merged;</para>
1617
1618 <para>A remotely-exploitable vulnerability in &man.ntpd.8; has
1619 been closed (see security advisory
1620 FreeBSD-SA-01:31). &merged;</para>
1621
1622 <para>A security hole in <application>IPFilter</application>'s
1623 fragment cache has been closed (see security advisory
1624 FreeBSD-SA-01:32). &merged;</para>
1625
1626 <para>Buffer overflows in &man.glob.3;, which could cause
1627 arbitrary code to be run on an FTP server, have been closed. In
1628 addition, to prevent some forms of DOS attacks, &man.glob.3;
1629 allows specification of a limit on the number of pathname
1630 matches it will return. &man.ftpd.8; now uses this feature (see
1631 security advisory FreeBSD-SA-01:33). &merged;</para>
1632
1633 <para>Initial sequence numbers in TCP are more thoroughly
1634 randomized (see security advisory FreeBSD-SA-01:39). Due to
1635 some possible compatibility issues, the behavior of this
1636 security fix can be enabled or disabled via the
1637 <varname>net.inet.tcp.tcp_seq_genscheme</varname> sysctl
1638 variable.&merged;</para>
1639
1640 <para>A vulnerability in the &man.fts.3; routines (used by
1641 applications for recursively traversing a filesystem) could
1642 allow a program to operate on files outside the intended
1643 directory hierarchy. This bug has been fixed (see security
1644 advisory FreeBSD-SA-01:40). &merged;</para>
1645
1646 <para role="historic"><application>OpenSSH</application> now switches to the
1647 user's UID before attempting to unlink the authentication
1648 forwarding file, nullifying the effects of a race.</para>
1649
1650 <para>A flaw allowed some signal handlers to remain in effect in a
1651 child process after being exec-ed from its parent. This allowed
1652 an attacker to execute arbitrary code in the context of a setuid
1653 binary. This flaw has been corrected (see security advisory
1654 FreeBSD-SA-01:42). &merged;</para>
1655
1656 <para>A remote buffer overflow in &man.tcpdump.1; has been fixed
1657 (see security advisory FreeBSD-SA-01:48). &merged;</para>
1658
1659 <para>A remote buffer overflow in &man.telnetd.8; has been fixed
1660 (see security advisory FreeBSD-SA-01:49). &merged;</para>
1661
1662 <para>The new <varname>net.inet.ip.maxfragpackets</varname> and
1663 <varname>net.inet.ip6.maxfragpackets</varname> sysctl variables
1664 limit the amount of memory that can be consumed by IPv4 and IPv6
1665 packet fragments, which defends against some denial of service
1666 attacks (see security advisory
1667 FreeBSD-SA-01:52). &merged;</para>
1668
1669 <para role="historic">All services in <filename>inetd.conf</filename> are now
1670 disabled by default for new installations. &man.sysinstall.8;
1671 gives the option of enabling or disabling &man.inetd.8; on new
1672 installations, as well as editing
1673 <filename>inetd.conf</filename>. &merged;</para>
1674
1675 <para>A flaw in the implementation of the &man.ipfw.8;
1676 <literal>me</literal> rules on point-to-point links has been
1677 corrected. Formerly, <literal>me</literal> filter rules would
1678 match the remote IP address of a point-to-point interface in
1679 addition to the intended local IP address (see security advisory
1680 FreeBSD-SA-01:53). &merged;</para>
1681
1682 <para>A vulnerability in &man.procfs.5;, which could allow a
1683 process to read sensitive information from another process's
1684 memory space, has been closed (see security advisory
1685 FreeBSD-SA-01:55). &merged;</para>
1686
1687 <para>The <literal>PARANOID</literal> hostname checking in
1688 <application>tcp_wrappers</application> now works as advertised
1689 (see security advisory FreeBSD-SA-01:56). &merged;</para>
1690
1691 <para>A local root exploit in &man.sendmail.8; has been closed
1692 (see security advisory FreeBSD-SA-01:57). &merged;</para>
1693
1694 <para>A remote root vulnerability in &man.lpd.8; has been closed
1695 (see security advisory FreeBSD-SA-01:58). &merged;</para>
1696
1697 <para>A race condition in &man.rmuser.8; that briefly exposed a
1698 world-readable <filename>/etc/master.passwd</filename> has been
1699 fixed (see security advisory FreeBSD-SA-01:59). &merged;</para>
1700
1701 <para>A vulnerability in <application>UUCP</application> has been
1702 closed (see security advisory FreeBSD-SA-01:62). All
1703 non-<username>root</username>-owned binaries in standard system
1704 paths now have the <literal>schg</literal> flag set to prevent
1705 exploit vectors when run by &man.cron.8;, by
1706 <username>root</username>, or by a user other then the one owning
1707 the binary. In addition, &man.uustat.1; is now run via
1708 <filename>/etc/periodic/daily/410.status-uucp</filename> as
1709 <username>uucp</username>, not <username>root</username>. In
1710 &os; -CURRENT, <application>UUCP</application> has since been
1711 moved to the Ports Collection and no longer a part of the base
1712 system. &merged;</para>
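Review bot: Two wording errors in the UUCP entry. "a user other then the one owning the binary" should read "other than", and the last sentence is missing its verb: "moved to the Ports Collection and no longer a part of the base system" should read "and is no longer a part of the base system".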
1713
1714 <para role="historic">A security hole in the form of a buffer overflow in the
1715 &man.semop.2; system call has been closed. &merged;</para>
1716
1717 <para>A security hole in <application>OpenSSH</application>, which
1718 could allow users to execute code with arbitrary privileges if
1719 <literal>UseLogin yes</literal> was set, has been closed. Note
1720 that the default value of this setting is
1721 <literal>UseLogin no</literal>. (See security advisory
1722 FreeBSD-SA-01:63.) &merged;</para>
1723
1724 <para>The use of an insecure temporary directory by
1725 &man.pkg.add.1; could permit a local attacker to modify the
1726 contents of binary packages while they were being installed.
1727 This hole has been closed. (See security advisory
1728 FreeBSD-SA-02:01.) &merged;</para>
1729
1730 <para>A race condition in &man.pw.8;, which could expose the
1731 contents of <filename>/etc/master.passwd</filename>, has been
1732 eliminated. (See security advisory FreeBSD-SA-02:02.)
1733 &merged;</para>
1734
1735 <para>A bug in &man.k5su.8; could have allowed a process that had
1736 given up superuser privileges to regain them. This bug has been
1737 fixed. (See security advisory FreeBSD-SA-02:07.)
1738 &merged;</para>
1739
1740 <para>An <quote>off-by-one</quote> bug has been fixed in
1741 <application>OpenSSH</application>'s multiplexing code. This bug
1742 could have allowed an authenticated remote user to cause
1743 &man.sshd.8; to execute arbitrary code with superuser
1744 privileges, or allowed a malicious SSH server to execute arbitrary
1745 code on the client system with the privileges of the client user. (See security
1746 advisory <ulink
1747 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc">FreeBSD-SA-02:13</ulink>.)
1748 &merged;</para>
1749
1750 <para>A programming error in <application>zlib</application> could
1751 result in attempts to free memory multiple times. The
1752 &man.malloc.3;/&man.free.3; routines used in &os; are not
1753 vulnerable to this error, but applications receiving
1754 specially-crafted blocks of invalid compressed data could
1755 be made to function incorrectly or abort. This
1756 <application>zlib</application> bug has been fixed. For a
1757 workaround and solutions, see security advisory <ulink
1758 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.v1.2.asc">FreeBSD-SA-02:18</ulink>.
1759 &merged;</para>
1760
1761 <para>Bugs in the TCP SYN cache (<quote>syncache</quote>) and SYN
1762 cookie (<quote>syncookie</quote>) implementations, which could
1763 cause legitimate TCP/IP traffic to crash a machine, have been
1764 fixed. For a workaround and patches, see security advisory
1765 <ulink
1766 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:20.syncache.asc">FreeBSD-SA-02:20</ulink>.
1767 &merged;</para>
1768
1769 <para>A routing table memory leak, which could allow a remote
1770 attacker to exhaust the memory of a target machine, has been
1771 fixed. A workaround and patches can be found in security
1772 advisory <ulink
1773 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc">FreeBSD-SA-02:21</ulink>.
1774 &merged;</para>
1775
1776 <para>A bug with memory-mapped I/O, which could cause a system
1777 crash, has been fixed. For more information about a solution,
1778 see security advisory <ulink
1779 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:22.mmap.asc">FreeBSD-SA-02:22</ulink>.
1780 &merged;</para>
1781
1782 <para>A security hole, in which SUID programs could be made to
1783 read from or write to inappropriate files through manipulation
1784 of their standard I/O file descriptors, has been fixed.
1785 Information regarding a solution can be found in security
1786 advisory <ulink
1787 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc">FreeBSD-SA-02:23</ulink>.
1788 &merged;</para>
1789
1790 <para>Some unexpected behavior could be allowed with &man.k5su.8;
1791 because it does not require that an invoking user be a member of
1792 the <groupname>wheel</groupname> group when attempting to become
1793 the superuser (this is the case with &man.su.1;). To avoid this
1794 situation, &man.k5su.8; is now installed non-SUID by default
1795 (effectively disabling it). More information can be found in
1796 security advisory <ulink
1797 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc">FreeBSD-SA-02:24</ulink>.
1798 &merged;</para>
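Review bot: The parenthetical "(this is the case with &man.su.1;)" in the k5su entry is ambiguous, because it follows "does not require" and can be read as saying that su also skips the wheel check. Suggest rewording so the contrast is explicit, for example "because, unlike &man.su.1;, it does not require that an invoking user be a member of the wheel group".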
1799
1800 <para>Multiple vulnerabilities were found in the &man.bzip2.1;
1801 utility, which could allow files to be overwritten without
1802 warning or allow local users unintended access to files. These
1803 problems have been corrected with a new import of
1804 <application>bzip2</application>. For more information, see
1805 security advisory <ulink
1806 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc">FreeBSD-SA-02:25</ulink>.
1807 &merged;</para>
1808
1809 <para>A bug has been fixed in the implementation of the TCP SYN
1810 cache (<quote>syncache</quote>), which could allow a remote
1811 attacker to deny access to a service when accept filters
1812 (see &man.accept.filter.9;) were in use. This bug has been
1813 fixed; for more information, see security advisory <ulink
1814 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>.
1815 &merged;</para>
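Review bot: The accept filter entry states the fix twice, once in "A bug has been fixed in the implementation of the TCP SYN cache" and again in "This bug has been fixed; for more information". Suggest dropping the second statement and ending with "For more information, see security advisory ...", as the neighbouring entries do.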
1816
1817 <para>Due to a bug in &man.rc.8;'s use of shell globbing, users
1818 may be able to remove the contents of arbitrary files if
1819 <filename>/tmp/.X11-unix</filename> does not exist and the
1820 system can be made to reboot. This bug has been corrected (see
1821 security advisory <ulink
1822 url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>).
1823 &merged;</para>
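Review bot: The rc globbing entry describes the problem in the present tense ("users may be able to remove the contents of arbitrary files") although the same paragraph says it has been corrected. The other advisory entries use the past conditional ("could allow", "could have allowed"). Suggest "users could remove the contents of arbitrary files if ... did not exist and the system could be made to reboot", so a reader does not take the issue as still open.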
1824
1825 </sect2>
1826
1827 <sect2 id="userland">
1828 <title>Userland Changes</title>
1829
1830 <para role="historic">If the first argument to &man.ancontrol.8; or
1831 &man.wicontrol.8; doesn't start with a <literal>-</literal>, it
1832 is assumed to be an interface. &merged;</para>
1833
1834 <para role="historic">&man.apmd.8; now has the ability to monitor battery levels
1835 and execute commands based on percentage or minutes of battery
1836 life remaining via the <literal>apm_battery</literal>
1837 configuration directive. See the commented-out examples in
1838 <filename>/etc/apmd.conf</filename> for the
1839 syntax. &merged;</para>
1840
1841 <para role="historic">&man.arp.8; now prints the applicable interface name for
1842 each ARP entry. &merged;</para>
1843
1844 <para>&man.arp.8; now prints <literal>[fddi]</literal> or
1845 <literal>[atm]</literal> tags for addresses on interfaces of
1846 those types.</para>
1847
1848 <para>The &man.asa.1; utility, to interpret FORTRAN
1849 carriage-control characters, has been added.</para>
1850
1851 <para>&man.at.1; now supports the <option>-r</option> command-line
1852 option to remove jobs and the <option>-t</option> option to
1853 specify times in POSIX time format.</para>
1854
1855 <para role="historic">&man.atacontrol.8; has been added to control various aspects
1856 of the &man.ata.4; driver. &merged;</para>
1857
1858 <para>The system &man.awk.1; now refers to
1859 <application>BWK awk</application>. <application>GNU
1860 awk</application> is now available as &man.gawk.1;.</para>
1861
1862 <para arch="pc98" role="historic">&man.boot98cfg.8;, a PC-98 boot manager
1863 installation and configuration utility, has been
1864 added. &merged;</para>
1865
1866 <para role="historic">&man.burncd.8; now supports a <option>-m</option> option for
1867 multisession mode (the default behavior now is to close disks as
1868 single-session). A <option>-l</option> option to take a list of
1869 image files from a filename was also added;
1870 <filename>-</filename> can be used as a filename for
1871 <literal>stdin</literal>. &merged;</para>
1872
1873 <para>&man.burncd.8; now supports Disk At Once (DAO) mode,
1874 selectable via the <option>-d</option> flag.</para>
1875
1876 <para>&man.burncd.8; now has the ability to write VCDs/SVCDs.</para>
1877
1878 <para role="historic">&man.c89.1; has been converted from a shell script to a
1879 binary executable, fixing some minor bugs. &merged;</para>
1880
1881 <para arch="i386,pc98" role="historic">A minimalized version of &man.camcontrol.8; is
1882 now available on the installation floppy. This allows it to
1883 rescan for devices that have been connected after booting, or to
1884 show the devices attached to SCSI busses (e. g. from within the
1885 <quote>emergency holographic shell</quote>). &merged;</para>
1886
1887 <para role="historic">&man.cat.1; now has the ability to read from UNIX-domain
1888 sockets. &merged;</para>
1889
1890 <para>&man.catman.1; is now a C program, instead of a
1891 Perl script.</para>
1892
1893 <para role="historic">&man.cdcontrol.1; now supports a <literal>cdid</literal>
1894 command, which calculates and displays the CD serial number,
1895 using the same algorithm used by the CDDB
1896 database. &merged;</para>
1897
1898 <para role="historic">&man.cdcontrol.1; now uses the <envar>CDROM</envar>
1899 environment variable to pick a default device. &merged;</para>
1900
1901 <para role="historic">&man.cdcontrol.1; now supports <literal>next</literal> and
1902 <literal>prev</literal> commands to skip forwards or backwards a
1903 specified number of tracks while playing an audio
1904 CD. &merged;</para>
1905
1906 <para>On ATAPI CDROM drives, &man.cdcontrol.1; now supports a
1907 <literal>speed</literal> command to set the maximum speed to be
1908 used by the drive. &merged;</para>
1909
1910 <para>&man.chflags.1; has moved from <filename>/usr/bin</filename>
1911 to <filename>/bin</filename>.</para>
1912
1913 <para role="historic">&man.chio.1; now has the ability to specify elements by
1914 volume tag instead of by their physical location as well as the
1915 ability to return an element to its previous
1916 location. &merged;</para>
1917
1918 <para>&man.chmod.1; now supports a <option>-h</option> for
1919 changing the mode of a symbolic link.</para>
1920
1921 <para role="historic">&man.chown.8; now correctly follows symbolic links named as
1922 command line arguments if run without
1923 <option>-R</option>. &merged;</para>
1924
1925 <para>&man.chown.8; no longer takes <literal>.</literal> as a
1926 user/group delimeter. This change was made to support usernames
1927 containing a <literal>.</literal>.</para>
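Review bot: "delimeter" in the chown entry is misspelled and should be "delimiter". The entry also says what is no longer accepted without saying what to use instead. Consider naming the remaining delimiter (<literal>:</literal>) so that scripts relying on the old <literal>user.group</literal> form can be updated.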
1928
1929 <para>Use of the <literal>CSMG_*</literal> macros no longer
1930 require inclusion of
1931 <filename>&lt;sys/param.h&gt;</filename></para>
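Review bot: This entry has a subject-verb mismatch ("Use ... no longer require" should be "no longer requires") and lacks a final period before the closing para tag. Please also confirm the macro prefix: the text reads <literal>CSMG_*</literal>, which looks like a transposition of <literal>CMSG_*</literal>.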
1932
1933 <para role="historic">&man.col.1; now takes a <option>-p</option> flag to force
1934 unknown control sequences to be passed through
1935 unchanged. &merged;</para>
1936
1937 <para role="historic">The <filename>compat3x</filename> distribution has been
1938 updated to include libraries present in &os;
1939 3.5.1-RELEASE. &merged;</para>
1940
1941 <para>A <filename>compat4x</filename> distribution has been added
1942 for compatibility with &os; 4-STABLE.</para>
1943
1944 <para role="historic">&man.config.8; is now better about converting various
1945 warnings that should have been errors into actual fatal errors
1946 with an exit code. This ensures that <literal>make
1947 buildkernel</literal> doesn't quietly ignore them and build a
1948 bogus kernel without a human to read the errors. &merged;</para>
1949
1950 <para role="historic">A number of buffer overflows in &man.config.8; have been
1951 fixed. &merged;</para>
1952
1953 <para>A new &man.csplit.1; utility, which splits files based on
1954 context, has been added.</para>
1955
1956 <para role="historic">&man.ctags.1; no longer creates a corrupt tags file if the
1957 source file used <literal>//</literal> (C++-style)
1958 comments. &merged;</para>
1959
1960 <para>The &man.daemon.8; program, a command-line interface to
1961 &man.daemon.3;, has been added. It detaches itself from its
1962 controlling terminal and executes a program specified on the
1963 command line. This allows the user to run an arbitrary program
1964 as if it were written to be a daemon.</para>
1965
1966 <para>&man.devinfo.8;, a simple tool to print the device tree and resource
1967 usage by devices, has been added.</para>
1968
1969 <para role="historic">&man.df.1; now takes a <option>-l</option> option to only
1970 display information about locally-mounted
1971 filesystems. &merged;</para>
1972
1973 <para role="historic">&man.disklabel.8; now supports partition sizes expressed in
1974 kilobytes, megabytes, or gigabytes, in addition to
1975 sectors. &merged;</para>
1976
1977 <para>diskpart(8) has been declared obsolete, and has been
1978 removed.</para>
1979
1980 <para role="historic">&man.dmesg.8; now has a <option>-a</option> option to show
1981 the entire message buffer, including &man.syslogd.8; records and
1982 <filename>/dev/console</filename> output. &merged;</para>
1983
1984 <para role="historic">&man.du.1; now takes a <option>-I</option> command-line flag
1985 to ignore/skip files and subdirectories matching a specified
1986 shell-glob mask. &merged;</para>
1987
1988 <para role="historic">&man.dump.8; now supports inheritance of the
1989 <literal>nodump</literal> flag down a hierarchy. &merged;</para>
1990
1991 <para role="historic">The <option>-T</option> option to &man.dump.8; no longer
1992 swallows an extra argument. &merged;</para>
1993
1994 <para role="historic">&man.dump.8; has a new <option>-D</option> option, allowing
1995 the path to the <filename>/etc/dumpdates</filename> file to be
1996 changed. &merged;</para>
1997
1998 <para role="historic">&man.dump.8; now supplies progress information in its
1999 process title, useful for monitoring automated
2000 backups. &merged;</para>
2001
2002 <para>&man.dump.8; now supports a new <option>-S</option> flag to allow
2003 it to just print out the dump size estimates and exit.</para>
2004
2005 <para role="historic">&man.edquota.8; now takes a <option>-f</option> option to
2006 allow limiting the prototype quota distribution (specified with
2007 <option>-p</option>) to a single filesystem. &merged;</para>
2008
2009 <para role="historic"><filename>/etc/rc.firewall</filename> and
2010 <filename>/etc/rc.firewall6</filename> will no longer add their own
2011 hardcoded rules in the cases of a rules file in the
2012 <varname>firewall_type</varname> variable or a non-existent
2013 firewall type. (The motivation for this change is to avoid
2014 acting on assumptions about a site's firewall policies.) In
2015 addition, the <literal>closed</literal> firewall type now works
2016 as documented in the &man.rc.firewall.8; manual page. &merged;</para>
2017
2018 <para role="historic">The functionality of <filename>/etc/security</filename> has
2019 been been moved into a set of scripts under the &man.periodic.8;
2020 framework, to make local customization easier and more
2021 maintainable. These scripts now reside in
2022 <filename>/etc/periodic/security/</filename>. &merged;</para>
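Review bot: There is a doubled word across the line break in the /etc/security entry: "has" ends one line, "been" follows, and the next line starts with "been been moved". One "been" should be removed.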
2023
2024 <para>&man.expr.1; is now compliant with the POSIX Utility Syntax
2025 Guidelines. Some programs depend on the old, historic behavior
2026 (the <filename role="package">devel/libtool</filename>
2027 port/package was/is a notable example). In these situations,
2028 the <envar>EXPR_COMPAT</envar> environment variable can be
2029 defined, which causes &man.expr.1; to behave more like previous
2030 versions.</para>
2031
2032 <para>&man.fbtab.5; now accepts glob matching patterns for target
2033 devices, not just individual devices and directories.</para>
2034
2035 <para arch="i386">&man.fdisk.8; no longer attempts to search for a
2036 device if none has been specified on the command line, but
2037 instead tries to figure out the default device name from the
2038 root device.</para>
2039
2040 <para>&man.fdread.1;, a program to read data from floppy disks,
2041 has been added. It is a counterpart to &man.fdwrite.1; and is
2042 designed to provide a means of recovering at least some data
2043 from bad media, and to obviate for a complex invocation of
2044 &man.dd.1;.</para>
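Review bot: "to obviate for a complex invocation of &man.dd.1;" in the fdread entry is missing words. Suggest "to obviate the need for a complex invocation of &man.dd.1;".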
2045
2046 <para role="historic">&man.find.1; now takes the <option>-empty</option> flag,
2047 which returns true if a file or directory is
2048 empty. &merged;</para>
2049
2050 <para role="historic">&man.find.1; now takes the <option>-iname</option> and
2051 <option>-ipath</option> primaries for case-insensitive matches,
2052 and the <option>-regexp</option> and <option>-iregexp</option>
2053 primaries for regular-expression matches. The
2054 <option>-E</option> flag now enables extended regular
2055 expressions. &merged;</para>
2056
2057 <para role="historic">&man.find.1; now has the <option>-anewer</option>,
2058 <option>-cnewer</option>, <option>-mnewer</option>,
2059 <option>-okdir</option>, and <option>-newer[acm][acmt]</option>
2060 primaries for comparisons of file timestamps. The latter
2061 primaries can be specified with various units of
2062 time. &merged;</para>
2063
2064 <para role="historic">&man.finger.1; now has the ability to support fingering
2065 aliases, via the &man.finger.conf.5; file. &merged;</para>
2066
2067 <para>&man.finger.1; now has support for a
2068 <filename>.pubkey</filename> file.</para>
2069
2070 <para role="historic">&man.fmt.1; has been rewritten; the rewrite fixes a number
2071 of bugs compared to its prior behavior. &merged;</para>
2072
2073 <para role="historic">&man.fmtcheck.3;, a function for checking consistency of
2074 format string arguments, has been added. &merged;</para>
2075
2076 <para>&man.fold.1; now supports a <option>-b</option> flag to
2077 break at byte positions and a <option>-s</option> flag to break at
2078 word boundaries.</para>
2079
2080 <para role="historic">&man.fsdb.8; now supports a <literal>blocks</literal>
2081 command to list the blocks allocated by a particular
2082 inode. &merged;</para>
2083
2084 <para>&man.fsck.8; wrappers have been imported; this feature
2085 provides infrastructure for &man.fsck.8; to work on different
2086 types of filesystems (analogous to &man.mount.8;).</para>
2087
2088 <para>The behavior of &man.fsck.8; when dealing with various
2089 passes (a la <filename>/etc/fstab</filename>) has been modified
2090 to accommodate multiple-disk filesystems.</para>
2091
2092 <para>&man.fsck.8; now has support for foreground
2093 (<option>-F</option>) and background (<option>-B</option>)
2094 checks. Traditionally, &man.fsck.8; is invoked before the
2095 filesystems are mounted and all checks are done to completion at
2096 that time. If background checking is available, &man.fsck.8; is
2097 invoked twice. It is first invoked at the traditional time,
2098 before the filesystems are mounted, with the <option>-F</option>
2099 flag to do checking on all the filesystems that cannot do
2100 background checking. It is then invoked a second time, after
2101 the system has completed going multiuser, with the
2102 <option>-B</option> flag to do checking on all the filesystems
2103 that can do background checking. Unlike the foreground
2104 checking, the background checking is started asynchronously so
2105 that other system activity can proceed even on the filesystems
2106 that are being checked. Boot-time enabling of this feature is
2107 controlled by the
2108 <varname>background_fsck</varname> option in &man.rc.conf.5;.</para>
2109
2110 <para role="historic">Shortly after the receipt of a <literal>SIGINFO</literal>
2111 signal (normally control-T from the controlling tty),
2112 &man.fsck.ffs.8; will now output a line indicating the current
2113 phase number and progress information relevant to the current
2114 phase. &merged;</para>
2115
2116 <para>&man.fsck.ffs.8; now supports background filesystem checks
2117 to mounted FFS filesystems with the <option>-B</option> option
2118 (softupdates must be enabled on these filesystems). The
2119 <option>-F</option> flag now determines whether a specified
2120 filesystem needs foreground checking.</para>
2121
2122 <para role="historic">A new &man.fsck.msdosfs.8; utility has been added to check
2123 the consistency of MS-DOS filesystems. &merged;</para>
2124
2125 <para role="historic">&man.ftpd.8; now supports a <option>-r</option> flag for
2126 read-only mode and a <option>-E</option> flag to disable
2127 <literal>EPSV</literal>. It also has some fixes to reduce
2128 information leakage and the ability to specify compile-time port
2129 ranges. &merged;</para>
2130
2131 <para>&man.ftpd.8; now supports <option>-o</option> and
2132 <option>-O</option> options to disable the
2133 <literal>RETR</literal> command; the former for everybody, and
2134 the latter only for guest users. Coupled with
2135 <option>-A</option> and appropriate file permissions, these can
2136 be used to create a relatively safe anonymous FTP drop box for
2137 others to upload to.</para>
2138
2139 <para arch="i386,pc98" role="historic">&man.gdb.1; now supports hardware
2140 watchpoints (using the kernel's debug register + support that
2141 has been introduced in &os; 4.0). &merged;</para>
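Review bot: The "+" in "using the kernel's debug register + support that has been introduced" in the gdb entry looks like a stray patch marker left in the text. Suggest "using the kernel's debug register support that was introduced in &os; 4.0".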
2142
2143 <para role="historic">The &man.getprogname.3; and &man.setprogname.3; library
2144 functions have been added to manipulate the name of the current
2145 program. They are used by error-reporting routines to produce
2146 consistent output. &merged;</para>
2147
2148 <para>&man.gprof.1; now has a <option>-K</option> option to enable
2149 dynamic symbol resolution from the currently-running kernel.
2150 With this change, properly-compiled KLD modules are now able to
2151 be profiled.</para>
2152
2153 <para role="historic">&man.growfs.8;, a utility for growing FFS filesystems, has
2154 been added. &man.ffsinfo.8;, a utility for dump all the
2155 meta-information of an existing filesystem, has also been
2156 added. &merged;</para>
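Review bot: "a utility for dump all the meta-information" in the growfs/ffsinfo entry is ungrammatical. Suggest "a utility for dumping all the meta-information of an existing filesystem".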
2157
2158 <para role="historic">The &man.groups.1; and &man.whoami.1; shell scripts are now
2159 unnecessary; their functionality has been completely folded into
2160 &man.id.1;. &merged;</para>
2161
2162 <para>The ibcs(8), linux(8), osf1(8), and
2163 svr4(8) scripts, whose sole purpose was to load emulation
2164 kernel modules, have been removed. The kernel module system
2165 will automatically load them as needed to fulfill
2166 dependencies.</para>
2167
2168 <para role="historic">&man.indent.1; has gained some new formatting
2169 options. &merged;</para>
2170
2171 <para role="historic">&man.ifconfig.8; can set the link-layer address of
2172 an interface using the <option>link</option> parameter.
2173 &merged;</para>
2174
2175 <para role="historic">&man.ifconfig.8; can now accept addresses in slash/CIDR
2176 notation. &merged;</para>
2177
2178 <para role="historic">&man.ifconfig.8; now has support for setting parameters for
2179 IEEE 802.11 wireless network devices. &man.wi.4; and &man.an.4;
2180 devices are supported, and partial support is provided for
2181 &man.awi.4; devices. &merged;</para>
2182
2183 <para role="historic">&man.ifconfig.8; no longer displays the list of supported
2184 media by default. Instead it displays it when the
2185 <option>-m</option> flag is given. &merged;</para>
2186
2187 <para role="historic">The syntax of &man.inetd.8;'s support for &man.faithd.8; is
2188 now compatible with that of other BSDs. &merged;</para>
2189
2190 <para role="historic">The <literal>ident</literal> protocol support in
2191 &man.inetd.8; has been cleaned up and updated. &merged;</para>
2192
2193 <para role="historic">&man.inetd.8; now has the ability to manage UNIX-domain
2194 sockets. &merged;</para>
2195
2196 <para>By default, &man.inetd.8; is no longer run by &man.rc.8; at
2197 boot-time, although &man.sysinstall.8; gives the option of
2198 enabling it during binary installations. &man.inetd.8; can also
2199 be enabled by adding the following line to
2200 <filename>/etc/rc.conf</filename>:</para>
2201
2202 <programlisting>inetd_enable="YES"</programlisting>
2203
2204 <para role="historic">&man.install.1; has a number of new features, including the
2205 <option>-b</option> and <option>-B</option> options for backing up
2206 existing target files and the <option>-S</option> option for
2207 <quote>safe</quote> (atomic copy) operation. The
2208 <option>-c</option> (copy) flag is now the default, and the
2209 <option>-D</option> (debugging) flag has been withdrawn.
2210 &man.install.1; now issues a warning if <option>-d</option>
2211 (create directories) and <option>-C</option> (copy changed files
2212 only) are used together. &merged;</para>
2213
2214 <para role="historic">IP Filter is now supported by the &man.rc.conf.5; boot-time
2215 configuration and initialization. &merged;</para>
2216
2217 <para role="historic">&man.ipfstat.8; now supports the <option>-t</option> option
2218 to turn on a &man.top.1;-like display. &merged;</para>
2219
2220 <para role="historic">&man.ipfw.8; will now avoid the display of dynamic firewall
2221 rules unless the <option>-d</option> flag is passed to it. The
2222 <option>-e</option> option lists expired dynamic
2223 rules. &merged;</para>
2224
2225 <para role="historic">&man.ipfw.8; has a new feature (<literal>me</literal>) that
2226 allows for packet matching on interfaces with
2227 dynamically-changing IP addresses. &merged;</para>
2228
2229 <para role="historic">&man.ipfw.8; has a new <literal>limit</literal> type of
2230 firewall rule, which limits the number of sessions between
2231 address pairs. &merged;</para>
2232
2233 <para>&man.ipfw.8; filter rules can now match on the value of the
2234 IPv4 precedence field.</para>
2235
2236 <para role="historic">&man.ip6fw.8; now has the ability to use a preprocessor and
2237 use the <option>-q</option> (quiet) flag when reading from a
2238 file. &merged;</para>
2239
2240 <para role="historic">&man.ispppcontrol.8; has been deleted, and its functionality
2241 has been folded into &man.spppcontrol.8;. &merged;</para>
2242
2243 <para role="historic">&man.k5su.8; is no longer installed SUID
2244 <username>root</username> by default. Users requiring this
2245 feature can either manually change the permissions on the
2246 &man.k5su.8; executable or add
2247 <literal>ENABLE_SUID_K5SU=yes</literal> to
2248 <filename>/etc/make.conf</filename> before a source
2249 upgrade. &merged;</para>
2250
2251 <para role="historic">&man.kenv.1;, a command to dump the kernel environment, has
2252 been added. &merged;</para>
2253
2254 <para>&man.kenv.1; now has the ability to set or delete kernel
2255 environment variables.</para>
2256
2257 <para role="historic">&man.keyinfo.1; is now a C program, rather than a Perl
2258 script. &merged;</para>
2259
2260 <para>The kget(8) utility has been removed (it was only
2261 useful for UserConfig, which is not present in &os;
2262 &release.current;).</para>
2263
2264 <para role="historic">&man.killall.1; is now a C program, rather than a Perl
2265 script. As a result, its <option>-m</option> option now uses
2266 the regular expression syntax of &man.regex.3;, rather than that
2267 of Perl. &merged;</para>
2268
2269 <para>&man.killall.1; no longer tries to kill zombie processes
2270 unless the <option>-z</option> flag is specified.</para>
2271
2272 <para role="historic">The &man.kldconfig.8; utility has been added to make it
2273 easier to manipulate the kernel module search
2274 path. &merged;</para>
2275
2276 <para>ktrdump, a utility to dump the ktr trace buffer from
2277 userland, has been added.</para>
2278
2279 <para role="historic">&man.last.1; now implements a <option>-d</option> that
2280 provides a <quote>snapshot</quote> of who was logged in at a
2281 particular date and time. &merged;</para>
2282
2283 <para role="historic">&man.last.1; now supports a <option>-y</option> flag, which
2284 causes the year to be included in the session start time. &merged;</para>
2285
2286 <para role="historic">The &man.lastlogin.8; utility, which prints the last login
2287 time of each user, has been imported from
2288 NetBSD. &merged;</para>
2289
2290 <para role="historic">&man.ldconfig.8; now checks directory ownerships and
2291 permissions for greater security; these checks can be disabled
2292 with the <option>-i</option> flag. &merged;</para>
2293
2294 <para role="historic">&man.ldd.1; can now be used on shared libraries, in addition
2295 to executables. &merged;</para>
2296
2297 <para>&man.ldd.1; now supports a <option>-a</option> flag to list
2298 all the objects that are needed by each loaded object.</para>
2299
2300 <para><filename>libc</filename> is now thread-safe by default;
2301 <filename>libc_r</filename> contains only thread
2302 functions.</para>
2303
2304 <para role="historic"><filename>libcrypt</filename> and
2305 <filename>libdescrypt</filename> have been unified to provide a
2306 configurable password authentication hash library. Both the md5
2307 and des hash methods are provided unless the des hash is
2308 specifically compiled out. &merged;</para>
2309
2310 <para role="historic"><filename>libcrypt</filename> now has support for Blowfish
2311 password hashing. &merged;</para>
2312
2313 <para arch="i386" role="historic"><filename>libdisk</filename> can now do
2314 install-time configuration of the <filename>boot0</filename>
2315 boot loader. &merged;</para>
2316
2317 <para role="historic"><filename>libstand</filename> now has support for
2318 filesystems containing
2319 <application>bzip2</application>-compressed
2320 files. &merged;</para>
2321
2322 <para><filename>libstand</filename> now has support for
2323 overwriting the contents of a file on a UFS filesystem (it
2324 cannot expand or truncate files because the filesystem may be
2325 dirty or inconsistent).</para>
2326
2327 <para role="historic"><filename>libstand</filename> now has support for loading
2328 large kernels and modules split across several physical
2329 media. &merged;</para>
2330
2331 <para role="historic">The default TCP port range used by
2332 <filename>libfetch</filename> for passive FTP retrievals has
2333 changed; this affects the behavior of &man.fetch.1;, which has
2334 gained the <option>-U</option> option to restore the old
2335 behavior. &merged;</para>
2336
2337 <para role="historic"><filename>libfetch</filename> now has support for an
2338 authentication callback. &merged;</para>
2339
2340 <para role="historic"><filename>libfetch</filename> now has support for a
2341 <envar>HTTP_USER_AGENT</envar> environment
2342 variable. &merged;</para>
2343
2344 <para><filename>libgmp</filename> has been superceded by
2345 <filename>libmp</filename>.
2346
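Review bot: The libgmp paragraph is never closed. It ends at "<filename>libmp</filename>." with no closing para tag, and the next line opens a new para for libposix1e, so the markup is not well-formed as written. Add the missing closing tag after the period. "superceded" in the same entry should be spelled "superseded".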
2347 <para>The functions from <filename>libposix1e</filename> have been
2348 integrated into <filename>libc</filename>.</para>
2349
2350 <para role="historic"><filename>libusb</filename> has been renamed as
2351 <filename>libusbhid</filename>, following NetBSD's naming
2352 conventions. &merged;</para>
2353
2354 <para role="historic">&man.ln.1; now takes an <option>-i</option> option to
2355 request user confirmation before overwriting an existing
2356 file. &merged;</para>
2357
2358 <para role="historic">&man.ln.1; now takes a <option>-h</option> flag to avoid
2359 following a target that is a link, with a <option>-n</option>
2360 flag for compatibility with other
2361 implementations. &merged;</para>
2362
2363 <para role="historic">&man.logger.1; can now send messages directly to a remote
2364 syslog. &merged;</para>
2365
2366 <para role="historic">&man.login.1; now exports environment variables set by
2367 <application>PAM</application> modules. &merged;</para>
2368
2369 <para role="historic">&man.lpc.8; has been improved; <command>lpc clean</command>
2370 is now somewhat safer, and a new <command>lpc tclean</command>
2371 command has been added to check to see what files would be
2372 removed by <command>lpc clean</command>. &merged;</para>
2373
2374 <para role="historic">&man.lpd.8; now takes two new options: <option>-c</option>
2375 will log all connection errors to &man.syslogd.8;, while
2376 <option>-W</option> will allow connections from non-reserved
2377 ports. &merged;</para>
2378
2379 <para role="historic">&man.lpd.8; now has some support for
2380 <literal>o</literal>-type print-file actions in its control
2381 files, which allows printing of PostScript files generated by
2382 <application>MacOS</application> 10.1. &merged;</para>
2383
2384 <para role="historic">&man.lpd.8; now recognizes the <option>-s</option> flag as
2385 the preferred synonym for <option>-p</option> (these flags
2386 cause &man.lpd.8; not to open a socket for network print
2387 jobs). &merged;</para>
2388
2389 <para role="historic">&man.lpd.8; now implements a new <literal>rc</literal>
2390 printcap option. When specified in a print queue for a remote
2391 host, boolean option causes &man.lpd.8; to resend the data file
2392 for each copy the user requested via <command>lpr
2393 -#<replaceable>n</replaceable></command>. &merged;</para>
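Review bot: the sentence starting on 2390 is missing its determiner at 2391 ("boolean option causes &man.lpd.8; to resend"). Suggest "this boolean option causes &man.lpd.8; to resend the data file", so it is clear the sentence still refers to the rc printcap option introduced at 2389.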
2394
2395 <para role="historic">Catching up with most other network utilities in the base
2396 system, &man.lpr.1;, &man.lpd.8;, &man.syslogd.8;, and
2397 &man.logger.1; are now all IPv6-capable. &merged;</para>
2398
2399 <para role="historic"><command>lprm -</command> now works for remote printer
2400 queues. &merged;</para>
2401
2402 <para role="historic">&man.ls.1; can produce colorized listings with the
2403 <option>-G</option> flag (and appropriate terminal support).
2404 The <envar>CLICOLOR</envar> environment variable can be set to
2405 enable colorized listings by default. &merged;</para>
2406
2407 <para role="historic">&man.ls.1; now accepts a <option>-h</option> flag, which
2408 when combined with the <option>-l</option> flag, causes file
2409 sizes to be printed with unit suffixes, such that the number of
2410 digits printed is fewer than four. &merged;</para>
2411
2412 <para>The &man.ls.1; program now supports a <option>-m</option>
2413 flag to list files across a page, a <option>-p</option> flag to
2414 force printing of a <literal>/</literal> after directories, and
2415 a <option>-x</option> flag to sort filenames across a
2416 page.</para>
2417
2418 <para role="historic">&man.m4.1; now accepts a <option>-s</option> flag to cause
2419 it to emit <literal>#line</literal> directives for use by
2420 &man.cpp.1;. &merged;</para>
2421
2422 <para role="historic">&man.mail.1; now takes a <option>-E</option> flag to avoid
2423 sending messages with empty bodies. &merged;</para>
2424
2425 <para role="historic">&man.make.1; has gained the <literal>:C///</literal>
2426 (regular expression substitution), <literal>:L</literal>
2427 (lowercase), and <literal>:U</literal> (uppercase) variable
2428 modifiers. These were added to reduce the differences between
2429 the &os; and OpenBSD/NetBSD &man.make.1; programs.
2430 &merged;</para>
2431
2432 <para role="historic">Bugs in &man.make.1;, among which include broken null suffix
2433 behavior, bad assumptions about current directory permissions,
2434 and potential buffer overflows, have been fixed. &merged;</para>
2435
2436 <para role="historic">The new <varname>CPUTYPE</varname>
2437 <filename>make.conf</filename> variable controls the compilation
2438 of processor-specific optimizations in various pieces of code
2439 such as <application>OpenSSL</application>. &merged;</para>
2440
2441 <para role="historic">The &os; <filename>Makefile</filename> infrastructure now
2442 supports the <varname>WARNS</varname> directive from NetBSD.
2443 This directive controls the addition of compiler warning flags
2444 to <varname>CFLAGS</varname> in a relatively compiler-neutral
2445 manner. &merged;</para>
2446
2447 <para>&man.makewhatis.1; is now a C program, instead of a
2448 Perl script.</para>
2449
2450 <para>&man.man.1; is no longer installed SUID
2451 <username>man</username>, in order to reduce vulnerabilities
2452 associated with generating <quote>catpages</quote> (preformatted
2453 manual pages cached for repeated viewing). As a result,
2454 &man.man.1; can no longer create system catpages on a regular
2455 user's behalf. It is still able to do so if the user has write
2456 permissions to the directory holding catpages (e.g. a user's own
2457 manpages) or if the running user is
2458 <username>root</username>.</para>
2459
2460 <para>The &man.mdmfs.8; command has been added; it is a wrapper
2461 around &man.mdconfig.8;, &man.disklabel.8;, &man.newfs.8;, and
2462 &man.mount.8; that mimics the command line option set of the
2463 deprecated &man.mount.mfs.8;.</para>
2464
2465 <para role="historic">&man.mergemaster.8; now sources an
2466 <filename>/etc/mergemaster.rc</filename> file and also prompts
2467 the user to run recommended commands (such as
2468 <command>newaliases</command>) as needed. &merged;</para>
2469
2470 <para role="historic">&man.mergemaster.8; now supports two new flags.
2471 The <option>-p</option> flag enables a
2472 <quote>pre-<literal>buildworld</literal></quote> mode to files
2473 known to be essential to the success of the
2474 <literal>buildworld</literal> and
2475 <literal>installworld</literal> system updating steps. The
2476 <option>-C</option> flag, used after a successful
2477 &man.mergemaster.8; run, compares options in
2478 <filename>/etc/rc.conf</filename> to the default options in
2479 <filename>/etc/defaults/rc.conf</filename>. &merged;</para>
2480
2481 <para role="historic">mk_cmds(1) and the associated
2482 <filename>libss</filename> have been removed; they have been
2483 unused for quite some time. &merged;</para>
2484
2485 <para role="historic">&man.moused.8; now takes a <option>-a</option> option to
2486 control mouse acceleration. &merged;</para>
2487
2488 <para role="historic">&man.mtree.8; now includes support for a file that lists
2489 pathnames to be excluded when creating and verifying prototypes.
2490 This makes it easier to use &man.mtree.8; as a part of an
2491 intrusion-detection system. &merged;</para>
2492
2493 <para>&man.mv.1; now takes a (nonstandard) <option>-n</option> to
2494 automatically answer <quote>no</quote> when it would ask to
2495 overwrite a file.</para>
2496
2497 <para role="historic">&man.natd.8; now supports a
2498 <option>-log_ipfw_denied</option> option to log packets that
2499 cannot be re-injected because they are blocked by &man.ipfw.8;
2500 rules. &merged;</para>
2501
2502 <para role="historic">The <quote>in use</quote> percentage metric displayed by
2503 &man.netstat.1; now really reflects the percentage of network
2504 mbufs used. &merged;</para>
2505
2506 <para role="historic">&man.netstat.1; now has a <option>-W</option> flag that
2507 tells it not to truncate addresses, even if they're too long for
2508 the column they're printed in. &merged;</para>
2509
2510 <para role="historic">&man.netstat.1; now keeps track of input and output packets
2511 on a per-address basis for each interface. &merged;</para>
2512
2513 <para role="historic">&man.netstat.1; now has a <option>-z</option> flag to reset
2514 statistics. &merged;</para>
2515
2516 <para role="historic">&man.netstat.1; now has a <option>-S</option> flag to print
2517 address numerically but port names symbolically. &merged;</para>
2518
2519 <para role="historic">&man.newfs.8; now implements write combining, which can make
2520 creation of new filesystems up to seven times
2521 faster. &merged;</para>
2522
2523 <para role="historic">&man.newfs.8; now takes a <option>-U</option> option to
2524 enable softupdates on a new filesystem. &merged;</para>
2525
2526 <para role="historic">The default number of cylinders per group in &man.newfs.8;
2527 is now computed to be the maximum allowable given the current
2528 filesystem parameters. It can be overridden with the
2529 <option>-c</option> option. Formerly, the default was fixed at
2530 16. This change leads to better &man.fsck.8; performance and
2531 reduced fragmentation. &merged;</para>
2532
2533 <para role="historic"><anchor id="newfs-block-frag-sizes">The default block and
2534 fragment sizes for new filesystems created by &man.newfs.8; are
2535 now 16384 and 2048 bytes, respectively (the old defaults were
2536 8192 and 1024 bytes). This change generally provides increased
2537 performance, at the expense of some wasted disk
2538 space. &merged;</para>
2539
2540 <para>A number of archaic features of &man.newfs.8; have been
2541 removed; these implement tuning features that are essentially
2542 useless on modern hard disks. These features were controlled by
2543 the <option>-O</option>, <option>-d</option>,
2544 <option>-k</option>, <option>-l</option>, <option>-n</option>,
2545 <option>-p</option>, <option>-r</option>, <option>-t</option>,
2546 and <option>-x</option> flags.</para>
2547
2548 <para role="historic">&man.newsyslog.8; now has the ability to compress log files
2549 using &man.bzip2.1;. &merged;</para>
2550
2551 <para><application>NFS</application> now works over IPv6.</para>
2552
2553 <para role="historic">&man.ngctl.8; now supports a <option>write</option> command
2554 to send a data packet down a given hook. &merged;</para>
2555
2556 <para role="historic">&man.nl.1;, a line numbering filter program, has been
2557 added. &merged;</para>
2558
2559 <para><application>nsswitch</application> support has been merged
2560 from NetBSD. By creating an &man.nsswitch.conf.5; file, &os;
2561 can be configured so that various databases such as
2562 &man.passwd.5; and &man.group.5; can be looked up using flat
2563 files, NIS, or Hesiod. The old
2564 <filename>hosts.conf</filename> file is no longer used.</para>
2565
2566 <para><application>PAM</application> support has been added for
2567 account management and sessions.</para>
2568
2569 <para><application>PAM</application> configuration is now
2570 specified by files in <filename>/etc/pam.d/</filename>, rather
2571 than a single <filename>/etc/pam.conf</filename> file.
2572 <filename>/etc/pam.d/README</filename> has more details.</para>
2573
2574 <para>A &man.pam.ftp.8; module has been added to allow
2575 authentication of anonymous FTP users.</para>
2576
2577 <para>A &man.pam.ftpusers.8; module has been added to perform
2578 checks against the &man.ftpusers.5; file.</para>
2579
2580 <para>A &man.pam.lastlog.8; module has been added to record
2581 sessions in the &man.utmp.5;, &man.wtmp.5;, and &man.lastlog.5;
2582 databases.</para>
2583
2584 <para>A &man.pam.login.access.8; module has been added, to allow
2585 checking against <filename>/etc/login.access</filename>.</para>
2586
2587 <para>The &man.pam.nologin.8; module, which can disallow logins
2588 using &man.nologin.5;, has been added.</para>
2589
2590 <para>The &man.pam.opie.8; and &man.pam.opieaccess.8; modules have
2591 been added to control authentication via &man.opie.4;.</para>
2592
2593 <para>A &man.pam.passwdqc.8; module has been added, to check the
2594 quality of passwords submitted during password changes.</para>
2595
2596 <para>A &man.pam.rhosts.8; module has been added to support
2597 &man.rhosts.5; authentication.</para>
2598
2599 <para>The &man.pam.rootok.8; module, which can be used to
2600 authenticate only the superuser, has been added.</para>
2601
2602 <para>A &man.pam.securetty.8; module has been added to check the
2603 <quote>security</quote> of a TTY, as listed in &man.ttys.5;.</para>
2604
2605 <para>A &man.pam.self.8; module, which allows self-authentication
2606 of a user, has been added.</para>
2607
2608 <para role="historic">A &man.pam.ssh.8; module has been added to allow the use of
2609 SSH passphrases and keypairs for authentication. This module
2610 also handles session management by invoking
2611 &man.ssh-agent.1;. &merged;</para>
2612
2613 <para>A &man.pam.wheel.8; module has been added to permit
2614 authentication to members of a group, which defaults to
2615 <groupname>wheel</groupname>.</para>
2616
2617 <para role="historic">&man.passwd.1; and &man.pw.8; now select the password hash
2618 algorithm at run time. See the <literal>passwd_format</literal>
2619 attribute in
2620 <filename>/etc/login.conf</filename>. &merged;</para>
2621
2622 <para role="historic">&man.patch.1; now accepts a <option>-i</option> command-line
2623 flag to read a patch from a file, rather than standard
2624 input. &merged;</para>
2625
2626 <para>The &man.pathchk.1; utility, which checks pathnames for
2627 validity or portability between POSIX systems, has been
2628 added.</para>
2629
2630 <para role="historic">&man.pax.1; has received a number of enhancements, including
2631 &man.cpio.1; functionality, &man.tar.1; compatibility
2632 enhancements, <option>-z</option> and <option>-Z</option> flags
2633 for &man.gzip.1; and &man.compress.1; functionality, and a
2634 number of bug fixes. &merged;</para>
2635
2636 <para role="historic">&man.pciconf.8; now supports a <option>-v</option> option to
2637 display the vendor/device information of configured devices, in
2638 conjunction with the <option>-l</option> option. The default
2639 vendor/device database can be found at
2640 <filename>/usr/share/misc/pci_vendors</filename>. &merged;</para>
2641
2642 <para role="historic">The behavior of &man.periodic.8; is now controlled by
2643 <filename>/etc/defaults/periodic.conf</filename> and
2644 <filename>/etc/periodic.conf</filename>. &merged;</para>
2645
2646 <para role="historic">&man.ping.8; now supports a <option>-m</option> option to
2647 set the TTL of outgoing packets. &merged;</para>
2648
2649 <para role="historic">&man.ping.8; now supports a <option>-A</option> option to
2650 beep when packets are lost. &merged;</para>
2651
2652 <para role="historic">Userland &man.ppp.8; has received a number of updates and
2653 bug fixes. &merged;</para>
2654
2655 <para role="historic">&man.ppp.8; has gained the <literal>tcpmssfixup</literal>
2656 option, which adjusts outgoing and incoming TCP SYN packets so
2657 that the maximum receive segment size is no larger than allowed
2658 by the interface MTU. &merged;</para>
2659
2660 <para role="historic">&man.ppp.8; now supports IPv6. &merged;</para>
2661
2662 <para role="historic">&man.pppd.8; (the control program for kernel-level PPP) is
2663 now installed mode <literal>4550</literal> and
2664 <username>root</username><literal>:</literal><groupname>dialer</groupname>,
2665 rather than mode <literal>4555</literal> (in other words, it is
2666 no longer world-executable). Users of &man.pppd.8; may need to
2667 change their group settings. &merged;</para>
2668
2669 <para role="historic">&man.pr.1; now supports the <option>-f</option> and
2670 <option>-p</option> flags to pause output going to a
2671 terminal. &merged;</para>
2672
2673 <para role="historic">The <option>-W</option> option to &man.ps.1; (to extract
2674 information from a specified swap device) has been useless for
2675 some time; it has been removed. &merged;</para>
2676
2677 <para role="historic">&man.pwd.1; can now double as &man.realpath.1;, a program to
2678 resolve pathnames to their underlying physical
2679 paths. &merged;</para>
2680
2681 <para>&man.pwd.1; now supports the <option>-L</option> flag to
2682 print the logical current working directory.</para>
2683
2684 <para>The pseudo-random number generator implemented by
2685 &man.rand.3; has been improved to provide less biased
2686 results.</para>
2687
2688 <para role="historic">&man.rc.8; now has an framework for handling dependencies
2689 between &man.rc.conf.5; variables. &merged;</para>
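Review bot: article typo at 2688, "now has an framework" should read "now has a framework".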
2690
2691 <para role="historic">&man.rc.8; now deletes all non-directory files in
2692 <filename>/var/run</filename> and
2693 <filename>/var/spool/lock</filename> at boot
2694 time. &merged;</para>
2695
2696 <para>&man.rcmd.3; now supports the use of the
2697 <envar>RSH</envar> environment variable to specify a program to
2698 use other than &man.rsh.1; for remote execution. As a result,
2699 programs such as &man.dump.8;, can use &man.ssh.1; for remote
2700 transport.</para>
2701
2702 <para>&man.rdist.1; has been retired from the base system, but is
2703 still available from &os; Ports Collection as
2704 <filename role="package">net/44bsd-rdist</filename>.</para>
2705
2706 <para role="historic">&man.reboot.8; now takes a <option>-k</option> to specify
2707 the next kernel to boot. &merged;</para>
2708
2709 <para>The &man.renice.8; command implements a <option>-n</option>
2710 option, which specifies an increment to be applied to the
2711 priority of a process.</para>
2712
2713 <para role="historic">The &man.resolver.3; in &os; now implements EDNS0 support,
2714 which will be necessary when working with IPv6 transport-ready
2715 resolvers/DNS servers. &merged;</para>
2716
2717 <para role="historic">The &man.rfork.thread.3; library call has been added as a
2718 helper function to &man.rfork.2;. Using this function should
2719 avoid the need to implement complex stack swap
2720 code. &merged;</para>
2721
2722 <para>The <option>-v</option> option to &man.rm.1; now displays
2723 the entire pathname of a file being removed.</para>
2724
2725 <para role="historic">&man.route.8; is now more verbose when changing indirect
2726 routes, in the case of a gateway route that is the same route as
2727 the one being modified. &merged;</para>
2728
2729 <para role="historic">&man.route.8; now uses
2730 <literal><replaceable>host</replaceable>/<replaceable>bits</replaceable></literal>
2731 syntax instead of
2732 <literal><replaceable>net</replaceable>/<replaceable>bits</replaceable></literal>
2733 syntax, for compatibility with &man.netstat.1;. &merged;</para>
2734
2735 <para role="historic">&man.route.8; can now create <quote>proxy only</quote>
2736 published ARP entries. &merged;</para>
2737
2738 <para role="historic">The &man.route.8; <option>add</option> command now supports
2739 the <option>-ifp</option> and <option>-ifa</option>
2740 modifiers. &merged;</para>
2741
2742 <para>&man.rpcbind.8; has replaced &man.portmap.8;.</para>
2743
2744 <para>&man.rpcgen.1; now uses <filename>/usr/bin/cpp</filename>
2745 (as on NetBSD), not
2746 <filename>/usr/libexec/cpp</filename>.</para>
2747
2748 <para>&man.rpc.lockd.8; has been imported from NetBSD. This
2749 daemon provides support for servicing client NFS locks.</para>
2750
2751 <para role="historic">The performance of the ELF dynamic linker &man.rtld.1; has
2752 been improved. &merged;</para>
2753
2754 <para role="historic">RSA Security has waived all patent rights to the
2755 <application>RSA</application> algorithm. As a result, the
2756 native <application>OpenSSL</application> implementation of the
2757 RSA algorithm is now activated by default, and the <filename
2758 role="package">security/rsaref</filename> port and the
2759 <filename>librsaUSA</filename> and
2760 <filename>librsaINTL</filename> libraries are no longer required
2761 for USA and non-USA residents respectively. &merged;</para>
2762
2763 <para>&man.rtld.1; will now print the names of all objects that
2764 cause each object to be loaded, if the
2765 <varname>LD_TRACE_LOADED_OBJECTS_ALL</varname> environment
2766 variable is defined.</para>
2767
2768 <para role="historic">&man.savecore.8; now supports a <option>-k</option> option
2769 to prevent clearing a crash dump after saving it. It also
2770 attempts to avoid writing large stretches of zeros to crash dump
2771 files to save space and time. &merged;</para>
2772
2773 <para role="historic">&man.savecore.8; now works correctly on machines with 2 GB
2774 or more of RAM. &merged;</para>
2775
2776 <para>The &man.sccs.1; front-end to the Source Code Control System
2777 has been revived.</para>
2778
2779 <para role="historic">&man.sed.1; now takes a <option>-E</option> option for
2780 extended regular expression support. &merged;</para>
2781
2782 <para>&man.sed.1; now takes a <option>-i</option> option to enable
2783 in-place editing of files.</para>
2784
2785 <para role="historic">&man.send-pr.1; now takes a <option>-a</option> option to
2786 include a file into the <literal>Fix:</literal> section of a
2787 problem report. &merged;</para>
2788
2789 <para>The &man.setfacl.1; and &man.getfacl.1; commands have been
2790 added to manage filesystem Access Control Lists.</para>
2791
2792 <para role="historic">&man.setproctitle.3; has been moved from
2793 <filename>libutil</filename> to
2794 <filename>libc</filename>. &merged;</para>
2795
2796 <para role="historic">&man.sh.1; now implements <command>test</command> as a
2797 built-in command for improved efficiency. &merged;</para>
2798
2799 <para>&man.sh.1; no longer implements <command>printf</command> as
2800 a built-in command because it was considered less valuable
2801 compared to the other built-in commands (this functionality is,
2802 of course, still available through the &man.printf.1;
2803 executable).</para>
2804
2805 <para>&man.sh.1; now supports a <option>-C</option> option to
2806 prevent existing regular files from being overwritten by output
2807 redirection, and a <option>-u</option> to give an error if an
2808 unset variable is expanded.</para>
2809
2810 <para role="historic">&man.sockstat.1; now has <option>-c</option> and
2811 <option>-l</option> flags for listing connected and listening
2812 sockets, respectively. &merged;</para>
2813
2814 <para>&man.spkrtest.8; is now a &man.sh.1; script, rather than a
2815 Perl script.</para>
2816
2817 <para role="historic">&man.split.1; now has the ability to split a file longer
2818 than 2GB. &merged;</para>
2819
2820 <para>&man.split.1; now supports a <option>-a</option> option to
2821 specify the number of letters to use for the suffix of split
2822 files.</para>
2823
2824 <para>In preparation for meeting SUSv2/POSIX
2825 <filename>&lt;sys/select.h&gt;</filename> requirements,
2826 <literal>struct selinfo</literal> and related functions have been
2827 moved to <filename>&lt;sys/selinfo.h&gt;</filename>.</para>
2828
2829 <para role="historic">The &man.strnstr.3; and &man.strcasestr.3; variants of
2830 &man.strstr.3; have been implemented. &merged;</para>
2831
2832 <para role="historic">&man.stty.1; now has support for an
2833 <literal>erase2</literal> control character, so that, for
2834 example, both the <keycap>Delete</keycap> and
2835 <keycap>Backspace</keycap> keys can be used to erase
2836 characters. &merged;</para>
2837
2838 <para>&man.su.1; now uses <application>PAM</application> for
2839 authentication.</para>
2840
2841 <para role="historic">Boot-time &man.syscons.4; configuration was moved to a
2842 machine-independent
2843 <filename>/etc/rc.syscons</filename>. &merged;</para>
2844
2845 <para role="historic">&man.sysctl.8; now supports a <option>-N</option> option to
2846 print out variable names only. &merged;</para>
2847
2848 <para role="historic">&man.sysctl.8; has replaced the <option>-A</option> and
2849 <option>-X</option> options with <option>-ao</option> and
2850 <option>-ax</option> respectively; the former options are now
2851 deprecated. The <option>-w</option> option is deprecated as
2852 well; it is not needed to determine the user's
2853 intentions. &merged;</para>
2854
2855 <para role="historic">&man.sysctl.8; now supports a <option>-e</option> option to
2856 separate variable names and values by <literal>=</literal>
2857 rather than <literal>:</literal>. This feature is useful for
2858 producing output that can be fed back to
2859 &man.sysctl.8;. &merged;</para>
2860
2861 <para>&man.sysctl.8; now accepts a <option>-d</option> flag to print
2862 the descriptions of variables.</para>
2863
2864 <para role="historic">&man.sysinstall.8; now properly preserves
2865 <filename>/etc/mail</filename> during a binary
2866 upgrade. &merged;</para>
2867
2868 <para role="historic">&man.sysinstall.8; now uses some more intuitive defaults
2869 thanks to some new dialog support functions. &merged;</para>
2870
2871 <para>The default root partition in &man.sysinstall.8; is now
2872 100MB on the i386 and pc98, 120MB on the Alpha.</para>
2873
2874 <para>&man.sysinstall.8; now lives in
2875 <filename>/usr/sbin</filename>, which simplifies the
2876 installation process. The &man.sysinstall.8; manpage is also
2877 installed in a more consistent fashion now.</para>
2878
2879 <para role="historic">&man.sysinstall.8; now has the ability to load KLDs as a
2880 part of the installation. &merged;</para>
2881
2882 <para role="historic">When run from the installation media, &man.sysinstall.8;
2883 will automatically load any device drivers found in the
2884 <filename>/stand/modules</filename> directory of the
2885 <literal>mfsroot</literal> floppy or filesystem image. Note
2886 that any drivers so loaded will not appear in the kernel's boot
2887 messages; the &man.sysinstall.8; debugging screen will provide
2888 additional information. &merged;</para>
2889
2890 <para role="historic">&man.sysinstall.8; now enables Soft Updates by default on
2891 all filesystems it creates, except for the root
2892 filesystem. &merged;</para>
2893
2894 <para role="historic">&man.sysinstall.8; has received updates for its
2895 <quote>auto</quote> partitioning mode which provide more
2896 reasonable defaults for the sizes of partitions that are
2897 created; auto-sized partitions can now also recover the space
2898 that becomes available when other partitions are
2899 deleted. &merged;</para>
2900
2901 <para>&man.sysinstall.8; no longer mounts the &man.procfs.5;
2902 filesystem by default on new installs.</para>
2903
2904 <para role="historic">&man.sysinstall.8; now has rudimentary support for
2905 retrieving packages from the correct volume of a multiple-volume
2906 installation (such as a multi-CD distribution). &merged;</para>
2907
2908 <para role="historic">&man.syslogd.8; can take a <option>-n</option> option to
2909 disable DNS queries for every request. &merged;</para>
2910
2911 <para role="historic">&man.syslogd.8; now supports a
2912 <literal>LOG_CONSOLE</literal> facility (disabled by default),
2913 which can be used to log <filename>/dev/console</filename>
2914 output. &merged;</para>
2915
2916 <para role="historic">&man.syslogd.8; now has the ability to bind to a specific
2917 address (as opposed to using every available one) via the
2918 <option>-b</option> option. &merged;</para>
2919
2920 <para role="historic">&man.syslogd.8; now accepts a <option>-c</option> flag to
2921 disable repeated line compression. &merged;</para>
2922
2923 <para>&man.tabs.1;, a utility to set terminal tab stops, has been
2924 added.</para>
2925
2926 <para role="historic">&man.tail.1; now has the ability to work on files longer
2927 than 2GB. &merged;</para>
2928
2929 <para role="historic">&man.tar.1; now supports the <varname>TAR_RSH</varname>
2930 variable, principally to enable the use of &man.ssh.1; as a
2931 transport. &merged;</para>
2932
2933 <para role="historic">&man.telnet.1; now does autologin and encryption by default;
2934 a new <option>-y</option> option turns off encryption. &merged;</para>
2935
2936 <para role="historic">&man.telnet.1; now supports a <option>-u</option> flag to
2937 allow connections to UNIX-domain (<literal>AF_UNIX</literal>)
2938 sockets. &merged;</para>
2939
2940 <para role="historic">&man.tftp.1; and &man.tftpd.8; now support IPv6. &merged;</para>
2941
2942 <para role="historic">&man.tftpd.8; now takes the <option>-c</option> and
2943 <option>-C</option> options, which allow the server to
2944 &man.chroot.2; based on the IP address of the connecting client.
2945 &man.tftp.1; and &man.tftpd.8; can now transfer files larger
2946 than 65535 blocks. &merged;</para>
2947
2948 <para>&man.tftpd.8; now supports RFC 2349 (TFTP Timeout Interval
2949 and Transfer Size Options); this feature is required by some
2950 firmware like EFI boot managers (at least on HP i2000 Itanium
2951 servers) in order to boot an image using
2952 <application>TFTP</application>.</para>
2953
2954 <para arch="alpha">&man.timed.8; now works on the alpha.</para>
2955
2956 <para>A version of Transport Independent RPC
2957 (<application>TI-RPC</application>) has been imported.</para>
2958
2959 <para role="historic">&man.tmpnam.3; will now use the <envar>TMPDIR</envar>
2960 environment variable, if set, to specify the location of
2961 temporary files. &merged;</para>
2962
2963 <para>&man.tip.1; has been updated from
2964 <application>OpenBSD</application>, and has the ability to act
2965 as a &man.cu.1; substitute.</para>
2966
2967 <para>&man.top.1; will now use the full width of its tty.</para>
2968
2969 <para>&man.touch.1; now takes a <option>-h</option> option to
2970 operate on a symbolic link, rather than what the link points
2971 to.</para>
2972
2973 <para role="historic">The &man.truncate.1; utility, which truncates or extends the
2974 length of files, has been added. &merged;</para>
2975
2976 <para role="historic">Ukrainian language support has been added to the &os;
2977 console. &merged;</para>
2978
2979 <para><application>UUCP</application> has been removed from the
2980 base system. It can be found in the Ports Collection, in
2981 <filename role="package">net/freebsd-uucp</filename>.</para>
2982
2983 <para>&man.unexpand.1; now supports a <option>-t</option> to
2984 specify tabstabs analogous to &man.expand.1;.</para>
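Review bot: "tabstabs" at 2984 looks like a typo for "tabstops". The sentence at 2983 also reads "a <option>-t</option> to specify" with no noun after the option; suggest "a <option>-t</option> option to specify tabstops", matching the wording used for the other entries.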
2985
2986 <para role="historic">&man.units.1; has received some updates and
2987 bugfixes. &merged;</para>
2988
2989 <para>&man.usbdevs.8; now supports a <option>-d</option> flag to
2990 show the device driver associated with each device.</para>
2991
2992 <para role="historic">The &man.usbhidctl.1; utility has been added to manipulate
2993 USB Human Interface Devices. &merged;</para>
2994
2995 <para role="historic">&man.uuencode.1; and &man.uudecode.1; now accept a <option>-o</option> option to
2996 set their output files. &man.uuencode.1; can now be made to do base64 encoding
2997 when given the <option>-m</option> flag, while &man.uudecode.1;
2998 can now automatically decode base64 files. &merged;</para>
2999
3000 <para>The base64 capabilities of &man.uuencode.1; and
3001 &man.uudecode.1; can now be automatically enabled by invoking
3002 these utilities as &man.b64encode.1; and &man.b64decode.1;
3003 respectively.</para>
3004
3005 <para role="historic">&man.vidcontrol.1; now accepts a <option>-g</option>
3006 parameter to select custom text geometry in the
3007 <literal>VESA_800x600</literal> raster text mode. &merged;</para>
3008
3009 <para role="historic">&man.vidcontrol.1; now allows the user to omit the font size
3010 specification when loading a font, and has some better
3011 error-handling. &merged;</para>
3012
3013 <para role="historic">&man.vidcontrol.1; now supports a <option>-p</option> option
3014 to take a snapshot of a &man.syscons.4; video buffer. These
3015 snapshots can be manipulated by the
3016 <filename role="package">graphics/scr2png</filename> utility in
3017 the Ports Collection. &merged;</para>
3018
3019 <para role="historic">&man.vidcontrol.1; now supports a <option>-C</option> option
3020 to clear the history buffer for a given tty, as well as a
3021 <option>-h</option> option to set the size of the history
3022 buffer. &merged;</para>
3023
3024 <para>The default stripe size in &man.vinum.8; has been changed
3025 from 256KB to 279KB, to spread out superblocks more evenly
3026 between stripes.</para>
3027
3028 <para role="historic">&man.wall.1; now supports a <option>-g</option> flag to
3029 write a message to all users of a given group. &merged;</para>
3030
3031 <para role="historic">&man.watch.8; now takes a <option>-f</option> option to
3032 specify a &man.snp.4; device to use. &merged;</para>
3033
3034 <para>&man.which.1; is now a C program, rather than a Perl
3035 script.</para>
3036
3037 <para>&man.who.1; now has a number of new options:
3038 <option>-H</option> shows column headings; <option>-T</option>
3039 shows &man.mesg.1; state; <option>-m</option> is an equivalent
3040 to <option>am i</option>; <option>-u</option> shows idle time;
3041 <option>-q</option> to list names in columns.</para>
3042
3043 <para role="historic">&man.whois.1; now directs queries for IP addresses to ARIN.
3044 If a query to ARIN references APNIC or RIPE, the appropriate
3045 server will also be queried, provided that the
3046 <option>-Q</option> option is not specified. &merged;</para>
3047
3048 <para role="historic">&man.whois.1; supports a <option>-c</option> option to
3049 specify a country code to help direct queries towards a
3050 particular whois server. &merged;</para>
3051
3052 <para>&man.xargs.1; now supports a <option>-I</option>
3053 <replaceable>replstr</replaceable> option that allows the user
3054 to tell &man.xargs.1; to insert the data read from standard
3055 input at specific points in the command line arguments rather
3056 than at the end. (A &os;-specific <option>-J</option> option is
3057 similar, but is now deprecated in favor of the more portable
3058 <option>-I</option> option.)</para>
3059
3060 <para>&man.xargs.1; now supports a <option>-L</option> option to
3061 force its utility argument to be called after some number of
3062 lines.</para>
3063
3064 <para role="historic">The compiler chain now uses the FSF-supplied C/C++ runtime
3065 initialization code. This change brings about better
3066 compatibility with code generated from the various egcs and gcc
3067 ports, as well as the stock public FSF source. &merged;</para>
3068
3069 <para role="historic">The threads library has gained some signal handling changes,
3070 bug fixes, and performance enhancements (including zero system
3071 call thread switching). &man.gdb.1; thread support has been
3072 updated to match these changes. &merged;</para>
3073
3074 <para role="historic">Significant additions have been made to internationalization
3075 support; &os; now has complete locale support for the
3076 <literal>LC_MONETARY</literal>, <literal>LC_NUMERIC</literal>,
3077 and <literal>LC_MESSAGES</literal> categories. A number of
3078 applications have been updated to take advantage of this
3079 support. &merged;</para>
3080
3081 <para role="historic">Locale names have been changed to improve compatibility with
3082 the names used by X11R6, as well as a number of other UNIX
3083 versions. As an example, the
3084 <literal>en_US.ISO_8859-1</literal> locale name has been changed
3085 to
3086 <literal>en_US.ISO8859-1</literal>. Entries in
3087 <filename>/etc/locale.alias</filename> provide backward
3088 compatibility. &merged;</para>
3089
3090 <para role="historic"><filename>/usr/src/share/examples/BSD_daemon/</filename> now
3091 contains a scalable Beastie graphic. &merged;</para>
3092
3093 <para role="historic">As part of an ongoing process, many manual pages were
3094 improved, both in terms of their formatting markup and in their
3095 content. &merged;</para>
3096
3097 <para>A number of utilities and libraries were enhanced to improve
3098 their conformance with the Single UNIX Specification (SUSv3) and
3099 IEEE Std 1003.1-2001 (<quote>POSIX.1</quote>). Specific
3100 features added have been listed in the release notes for each
3101 utility. The standards conformance of each utility or library
3102 function is generally listed in its manual page.</para>
3103
3104 <sect3>
3105 <title>Contributed Software</title>
3106
3107 <para><application>am-utils</application> has been updated to
3108 6.0.7.</para>
3109
3110 <para>A 10 February 2002 snapshot of <application>awk</application> from Bell Labs (variously
3111 known as <quote>BWK awk</quote> or <quote>The One True
3112 AWK</quote>) has been imported. It is available as
3113 <command>awk</command> or
3114 <command>nawk</command>.</para>
3115
3116 <para role="historic"><application>bc</application> has been updated from 1.04 to
3117 1.06. &merged;</para>
3118
3119 <para role="historic">The ISC library from the <application>BIND</application>
3120 distribution is now built as
3121 <filename>libisc</filename>. &merged;</para>
3122
3123 <para role="historic"><application>BIND</application> is now built with the
3124 <literal>NOADDITIONAL</literal> flag, which causes
3125 &man.named.8; to operate in a more consistent fashion for
3126 certain common misconfigurations. &merged;</para>
3127
3128 <para role="historic"><application>BIND</application> has been updated to
3129 8.3.2-T1B. &merged;</para>
3130
3131 <para><application>Binutils</application> has been updated to
3132 2.12.0.</para>
3133
3134 <para role="historic"><application>bzip2</application> 1.0.2 has been imported;
3135 this brings the &man.bzip2.1; program and the
3136 <filename>libbz2</filename> library to the base
3137 system. &merged;</para>
3138
3139 <para role="historic">The &man.ee.1; <application>Easy Editor</application> has
3140 been updated to 1.4.2. &merged;</para>
3141
3142 <para><application>file</application> has been updated to
3143 3.37.</para>
3144
3145 <para><application>gcc</application> has been updated to
3146 a snapshot of <application>gcc</application> 3.1.
3147 <warning>
3148 <para>The integration of <application>gcc</application> is
3149 very new. Some applications and programs in the base
3150 system require fixes or compiler flags to build
3151 correctly. Work to address these problems is ongoing.</para>
3152 </warning>
3153 </para>
3154
3155 <para role="historic">&man.gcc.1; now uses a unified <filename>libgcc</filename>
3156 rather than a separate one for threaded and non-threaded
3157 programs. <filename>/usr/lib/libgcc_r.a</filename> can be
3158 removed. &merged;</para>
3159
3160 <para role="historic">&man.gcc.1; now supports the environment variable
3161 <envar>GCC_OPTIONS</envar>, which can hold a set of default
3162 options for <application>GCC</application>. &merged;</para>
3163
3164 <para role="historic"><application>GNATS</application> has been updated to
3165 3.113. &merged;</para>
3166
3167 <para><application>GNU awk</application> has been updated to
3168 3.1.0. It is now available as <command>gawk</command>.</para>
3169
3170 <para><application>gperf</application> has been updated to
3171 2.7.2.</para>
3172
3173 <para role="historic"><application>groff</application> and its related utilities
3174 have been updated to FSF version 1.17.2. This import brings
3175 in a new &man.mdoc.7; macro package (sometimes referred to as
3176 <literal>mdocNG</literal>), which removes many of the
3177 limitations of its predecessor. &merged;</para>
3178
3179 <para role="historic"><application>Heimdal Kerberos</application> has been updated to
3180 0.4e. &merged;</para>
3181
3182 <para role="historic">The version of <application>IPFilter</application>
3183 provided with &os; now includes the &man.ipfs.8; program,
3184 which allows state information created for NAT entries and
3185 stateful rules to be saved to disk and restored after a
3186 reboot. Boot-time configuration of these features is
3187 supported by &man.rc.conf.5;. &merged;</para>
3188
3189 <para role="historic">The <application>ISC DHCP</application> client has been
3190 updated to 3.0.1RC8. &merged;</para>
3191
3192 <para role="historic"><application>Kerberos IV</application> has been updated to
3193 1.0.5. &merged;</para>
3194
3195 <para>The &man.more.1; command has been replaced by
3196 &man.less.1;, although it can still be run as
3197 <command>more</command>. &merged; Version 371 of
3198 <application>less</application> has been imported.</para>
3199
3200 <para role="historic"><application>libpcap</application> has been updated to
3201 0.6.2. &merged;</para>
3202
3203 <para><application>libreadline</application> has been updated to
3204 4.2.</para>
3205
3206 <para><application>libz</application> has been updated to
3207 1.1.4.</para>
3208
3209 <para><application>lint</application> has been updated to
3210 snapshot of NetBSD &man.lint.1; as of 3 March 2002.</para>
3211
3212 <para><application>lukemftp</application> (the FTP client from
3213 NetBSD) has replaced the &os; &man.ftp.1; program. Among its
3214 new features are more automation methods, better standards
3215 compliance, transfer rate throttling, and a customizable
3216 command-line prompt. Some environment variables and
3217 command-line arguments have changed.</para>
3218
3219 <para>The FTP daemon from NetBSD, otherwise known as
3220 <application>lukemftpd</application>, has been imported and is
3221 available as &man.lukemftpd.8;.</para>
3222
3223 <para>&man.m4.1; has been imported from OpenBSD, as of 26 April
3224 2002.</para>
3225
3226 <para><application>ncurses</application> has been updated to
3227 5.2-20020518.</para>
3228
3229 <para role="historic">The <application>NTP</application> suite of programs has
3230 been updated to 4.1.0. &merged;</para>
3231
3232 <para><application>OpenPAM</application>
3233 (<quote>Cinnamon</quote> release) has been imported,
3234 replacing
3235 <application>Linux-PAM</application>.</para>
3236
3237 <para>The <application>OPIE</application> one-time-password
3238 suite has been updated to 2.4. It has completely
3239 replaced the functionality of
3240 <application>S/Key</application>.</para>
3241
3242 <para><application>Perl</application> has been removed from the
3243 &os; base system. It can still be installed from the &os;
3244 Ports Collection or as a binary package; moving it out of the
3245 base system will make future upgrades and maintenence easier.
3246 To reduce the dependence of the base system on
3247 Perl, many utilities have been
3248 rewritten as shell scripts or C programs (specific notes are
3249 made for each affected utility).
3250 <filename>/usr/bin/perl</filename> is now a
3251 <quote>wrapper</quote> program, so that programs expecting to
3252 find a Perl interpreter there will
3253 be able to function correctly.
3254
3255 <warning>
3256 <para>The Perl removal and
3257 package integration work is ongoing.</para>
3258 </warning>
3259
3260 </para>
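Review bot: "maintenence" at line 3245 is misspelled; it should read "maintenance". In the same paragraph, Perl is written as bare text at lines 3247, 3252 and 3256 but wrapped in <application> at line 3242, so the markup should be made consistent.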
3261
3262 <para><application>GNU ptx</application> has been removed from
3263 the base system. It is not used anywhere in the base system,
3264 and has not been recently updated or maintained. Users
3265 requiring its functionality can install this utility as a part
3266 of the <filename role="package">textproc/textutils</filename>
3267 port.</para>
3268
3269 <para role="historic">&man.routed.8; has been updated to version
3270 2.22. &merged;</para>
3271
3272 <para arch="i386,pc98">Version 1.4.4 of the
3273 <application>smbfs</application> userland utilities have been
3274 imported.</para>
3275
3276 <para><application>GNU sort</application> has been updated to
3277 the version from <application>GNU textutils
3278 2.0.21</application>.</para>
3279
3280 <para>&man.stat.1; from <application>NetBSD</application>, as of
3281 5 June 2002 has, been imported.</para>
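Review bot: the comma at line 3281 is misplaced in "as of 5 June 2002 has, been imported". It should read "as of 5 June 2002, has been imported".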
3282
3283 <para><application>GNU tar</application> has been updated to
3284 1.13.25.</para>
3285
3286 <para role="historic"><application>tcpdump</application> has been updated to
3287 3.6.3. &merged;</para>
3288
3289 <para role="historic">The &man.csh.1; shell has been replaced by &man.tcsh.1;,
3290 although it can still be run as <command>csh</command>.
3291 <application>tcsh</application> has been updated to version
3292 6.11. &merged;</para>
3293
3294 <para>The contributed version of
3295 <application>tcp_wrappers</application> now includes the
3296 &man.tcpd.8; helper daemon. While not strictly necessary in a
3297 standard &os; installation (because &man.inetd.8; already
3298 incorporates this functionality), this may be useful for
3299 &man.inetd.8; replacements such as
3300 <application>xinetd</application>.</para>
3301
3302 <para role="historic"><application>texinfo</application> has been updated to
3303 4.1. &merged;</para>
3304
3305 <para><application>top</application> has been updated to version
3306 3.5b12.</para>
3307
3308 <para role="historic">&man.traceroute.8; now takes its default maximum TTL value
3309 from the <varname>net.inet.ip.ttl</varname> sysctl
3310 variable. &merged;</para>
3311
3312 <para role="historic">The timezone database has been updated to the
3313 <filename>tzdata2002c</filename> release. &merged;</para>
3314
3315 <sect4>
3316 <title>CVS</title>
3317
3318 <para role="historic"><application>cvs</application> has been updated to
3319 1.11.1p1. &merged;</para>
3320
3321 <para role="historic">The default value for &man.cvs.1;'s
3322 <envar>CVS_RSH</envar> variable is now
3323 <literal>ssh</literal>, rather than
3324 <literal>rsh</literal>. &merged;</para>
3325
3326 <para role="historic">&man.cvs.1; now supports a <option>-T</option> option to
3327 update a sandbox's <filename>CVS/Template</filename> file
3328 from the repository. &merged;</para>
3329
3330 <para role="historic">&man.cvs.1; <literal>diff</literal> now supports the
3331 <option>-j</option> option to perform differences against a
3332 revision relative to a branch tag. &merged;</para>
3333 </sect4>
3334
3335 <sect4>
3336 <title>CVSup</title>
3337
3338 <para role="historic"><application>CVSup</application>, a frequently used
3339 utility in the &os; Ports Collection, was formerly
3340 installable using several ports and packages. The
3341 <filename role="package">net/cvsup-bin</filename> and
3342 <filename role="package">net/cvsupd-bin</filename>
3343 ports/packages are no longer necessary or available; the
3344 <filename role="package">net/cvsup</filename> port should be
3345 used instead. &merged;</para>
3346
3347 <para role="historic"><application>CVSup</application> has been updated to
3348 16.1_3, which is available in the &os; Ports Collection as
3349 <filename role="package">net/cvsup</filename>. This update
3350 fixes a long-standing (but only recently encountered) bug
3351 which affects the timestamps on all files after Sun Sep 9
3352 01:46:40 UTC 2001 (1,000,000,000 seconds after the UNIX
3353 epoch). &merged;</para>
3354 </sect4>
3355
3356 <sect4 id="kame-userland">
3357 <title>KAME</title>
3358
3359 <para role="historic">The IPv6 stack is now based on a snapshot based on the
3360 KAME Project's IPv6 snapshot as of 28 May, 2001. Most of
3361 the items listed in this section are a result of this
3362 import.
3363 <xref linkend="kame-kernel"> lists kernel updates to the
3364 KAME IPv6 stack. &merged;</para>
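Review bot: lines 3359-3360 say the stack is "based on a snapshot based on the KAME Project's IPv6 snapshot", which repeats itself. Suggest "The IPv6 stack is now based on the KAME Project's IPv6 snapshot as of 28 May, 2001".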
3365
3366 <para role="historic">&man.faithd.8; now supports a configuration file for
3367 access control. &merged;</para>
3368
3369 <para role="historic">&man.ifconfig.8; can now perform the functions of
3370 &man.gifconfig.8;. &merged;</para>
3371
3372 <para role="historic">&man.ifconfig.8; can now perform the functions of
3373 &man.prefix.8;. &man.prefix.8; is now a shell script for
3374 partial backwards compatibility. &merged;</para>
3375
3376 <para role="historic">&man.ndp.8; now implements garbage collection for stale
3377 NDP entries, as described in RFC 2461 (Neighbor Discovery
3378 for IP Version 6 (IPv6)). &merged;</para>
3379
3380 <para role="historic">pim6dd(8) and pim6sd(8) have been removed due
3381 to restrictive licensing conditions. These programs are
3382 available in the ports collection as
3383 <filename role="package">net/pim6dd</filename> and
3384 <filename role="package">net/pim6sd</filename>. &merged;</para>
3385
3386 <para role="historic">&man.route6d.8; now supports an <option>-n</option> flag
3387 to avoid updating the kernel forwarding
3388 table. &merged;</para>
3389
3390 <para role="historic">The <option>-R</option> (router renumbering) option to
3391 &man.rtadvd.8; is currently ignored. &merged;</para>
3392 </sect4>
3393
3394 <sect4>
3395 <title>OpenSSH</title>
3396
3397 <para role="historic"><application>OpenSSH</application> has been updated to
3398 2.9, which provides support for the SSH2 protocol (now the
3399 default) and DSA keys. &man.ssh-add.1; and
3400 &man.ssh-agent.1; can now handle DSA keys, with support for
3401 authentication forwarding.
3402 <application>OpenSSH</application> users in the USA no
3403 longer need to rely on the restrictively-licensed RSAREF
3404 toolkit which is required to handle RSA keys. Among other
3405 new features: A client and server for &man.sftp.1; has been added.
3406 &man.scp.1; can now handle files larger than 2 GBytes. A
3407 limit on the number of outstanding, unauthenticated
3408 connections in &man.sshd.8; has been added. Support has
3409 been added for the Rijndael encryption algorithm. Rekeying
3410 of existing sessions is now supported, and an experimental
3411 <application>SOCKS4</application> proxy has been added to
3412 &man.ssh.1;. &merged;</para>
3413
3414 <para><application>OpenSSH</application> has been updated to
3415 version 3.1. Among the changes:
3416 <itemizedlist>
3417 <listitem>
3418 <para>The <filename>*2</filename> files are obsolete
3419 (for example,
3420 <filename>~/.ssh/known_hosts</filename> can hold the
3421 contents of
3422 <filename>~/.ssh/known_hosts2</filename>).</para>
3423 </listitem>
3424 <listitem>
3425 <para>&man.ssh-keygen.1; can import and export keys using
3426 the SECSH Public Key File Format, for key exchange
3427 with several commercial SSH implementations.</para>
3428 </listitem>
3429 <listitem>
3430 <para>&man.ssh-add.1; now adds all three default keys.</para>
3431 </listitem>
3432 <listitem>
3433 <para>&man.ssh-keygen.1; no longer defaults to a
3434 specific key type; one must be specified with the
3435 <option>-t</option> option.</para>
3436 </listitem>
3437 </itemizedlist>
3438 </para>
3439
3440 <para><application>OpenSSH</application> can now authenticate
3441 using <application>OPIE</application> passwords.</para>
3442
3443 <para><application>PAM</application> support for
3444 <application>OpenSSH</application> has been added.</para>
3445
3446 <para>A long-standing bug in
3447 <application>OpenSSH</application>, which sometimes resulted
3448 in a dropped session when an X11-forwarded client was
3449 closed, was fixed.</para>
3450
3451 <para role="historic"><application>Kerberos</application> compatibility has
3452 been added to
3453 <application>OpenSSH</application>. &merged;</para>
3454
3455 <para role="historic"><application>OpenSSH</application> has been modified to
3456 be more resistant to traffic analysis by requiring that
3457 <quote>non-echoed</quote> characters are still echoed back
3458 in a null packet, as well as by padding passwords sent so as
3459 not to hint at password lengths. &merged;</para>
3460
3461 <para role="historic">&man.sshd.8; is now enabled by default on new
3462 installs. &merged;</para>
3463
3464 <para role="historic">&man.sshd.8; <literal>X11Forwarding</literal> is now
3465 turned on by default on the server (any risk is to the
3466 client, where it is already disabled by
3467 default). &merged;</para>
3468
3469 <para role="historic">In <filename>/etc/ssh/sshd_config</filename>, the
3470 <literal>ConnectionsPerPeriod</literal> parameter has been
3471 deprecated in favor of
3472 <literal>MaxStartups</literal>. &merged;</para>
3473
3474 <para role="historic"><application>OpenSSH</application> now has a
3475 <literal>VersionAddendum</literal> configuration setting for
3476 &man.sshd.8; to allow changing the part of the
3477 <application>OpenSSH</application> version string after the
3478 main version number. &merged;</para>
3479 </sect4>
3480
3481 <sect4>
3482 <title>OpenSSL</title>
3483
3484 <para><application>OpenSSL</application> has been updated to
3485 0.9.6c.</para>
3486
3487 <para role="historic"><application>OpenSSL</application> now has support for
3488 machine-dependent ASM optimizations, activated by the new
3489 <varname>MACHINE_CPU</varname> and/or
3490 <varname>CPUTYPE</varname>
3491 <filename>make.conf</filename> variables. &merged;</para>
3492 </sect4>
3493
3494 <sect4>
3495 <title>sendmail</title>
3496
3497 <para><application>sendmail</application> has been updated
3498 from version 8.9.3 to version 8.12.4. Important changes
3499 include: &man.sendmail.8; is no longer installed as a
3500 set-user-ID <username>root</username> binary (now set-group-ID <groupname>smmsp</groupname>); new
3501 default file locations (see
3502 <filename>/usr/src/contrib/sendmail/cf/README</filename>);
3503 &man.newaliases.1; is limited to <username>root</username>
3504 and trusted users; STARTTLS encryption; and the MSA port
3505 (587) is turned on by default. See
3506 <filename>/usr/src/contrib/sendmail/RELEASE_NOTES</filename>
3507 for more information. &merged;</para>
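Review bot: this paragraph ends with &merged; at line 3507 but its <para> at line 3497 has no role="historic", unlike the other &merged; paragraphs in this section (for example lines 3509 and 3528). Please confirm whether that is intended. If only part of the entry was merged, split it so the merged portion carries the role attribute.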
3508
3509 <para role="historic">&man.mail.local.8; is no longer installed as a
3510 set-user-ID binary. If you are using a
3511 <filename>/etc/mail/sendmail.cf</filename> from the default
3512 <filename>sendmail.cf</filename> included with &os; any time
3513 after 3.1.0, you are fine. If you are using a
3514 hand-configured <filename>sendmail.cf</filename> and
3515 <command>mail.local</command> for delivery, check to make sure the
3516 <literal>F=S</literal> flag is set on the
3517 <literal>Mlocal</literal> line. Those with
3518 <filename>.mc</filename> files who need to add the flag can
3519 do so by adding the following line to their
3520 <filename>.mc</filename> file and regenerating the
3521 <filename>sendmail.cf</filename> file:</para>
3522
3523 <programlisting role="historic">MODIFY_MAILER_FLAGS(`LOCAL',`+S')dnl</programlisting>
3524
3525 <para role="historic">Note that <literal>FEATURE(`local_lmtp')</literal> already
3526 does this. &merged;</para>
3527
3528 <para role="historic">The default <filename>/etc/mail/sendmail.cf</filename>
3529 disables the SMTP <literal>EXPN</literal> and
3530 <literal>VRFY</literal> commands. &merged;</para>
3531
3532 <para role="historic">&man.vacation.1; has been updated to use the version
3533 included with <application>sendmail</application>. &merged;</para>
3534
3535 <para role="historic">The <application>sendmail</application> configuration
3536 building tools are installed in
3537 <filename>/usr/share/sendmail/cf/</filename>. &merged;</para>
3538
3539 <para role="historic">New <filename>make.conf</filename> options:
3540 <varname>SENDMAIL_MC</varname> and
3541 <varname>SENDMAIL_ADDITIONAL_MC</varname>. See
3542 <filename>/usr/share/examples/etc/make.conf</filename> for more
3543 information. &merged;</para>
3544
3545 <para role="historic"><filename>/etc/mail/Makefile</filename> now supports:
3546 the new <varname>SENDMAIL_MC</varname>
3547 <filename>make.conf</filename> option; the ability to build
3548 <filename>.cf</filename> files from
3549 <filename>.mc</filename> files; generalized map rebuilding;
3550 rebuilding the aliases file; and the ability to stop, start,
3551 and restart
3552 <application>sendmail</application>. &merged;</para>
3553
3554 <para role="historic">The <username>smmsp</username> and
3555 <username>mailnull</username> users have been added to
3556 <filename>/etc/master.passwd</filename>. In the absence of a
3557 <literal>confDEF_USER_ID</literal> setting, by default,
3558 <application>sendmail</application> will use the
3559 <username>mailnull</username> user for extra security.
3560 Previously, if the <username>mailnull</username> user did
3561 not exist, the <username>daemon</username> user was used.
3562 This change may generate some permissions issues when
3563 mailing to files or to programs (such as <filename
3564 role="package">mail/majordomo</filename>). &merged; The
3565 previous behavior can be restored by adding the following
3566 line to a system's
3567 <filename><replaceable>*</replaceable>.mc</filename>
3568 configuration file:
3569
3570 <programlisting>define(`confDEF_USER_ID', `daemon')</programlisting>
3571 </para>
3572
3573 <para role="historic">Beginning with the import of
3574 <application>sendmail</application> 8.12.2, multiple
3575 <application>sendmail</application> daemons (some required
3576 to handle outgoing mail) are started by &man.rc.8;, even if
3577 the <varname>sendmail_enable</varname> variable is set to
3578 <literal>NO</literal>. To completely disable
3579 <application>sendmail</application>,
3580 <varname>sendmail_enable</varname> must be set to
3581 <literal>NONE</literal>. Alternatively, for systems using a
3582 different MTA, the <varname>mta_start_script</varname> variable can
3583 be used to point to a different startup script (more details
3584 can be found in &man.rc.sendmail.8;). &merged;</para>
3585
3586 <para>By default, &man.rc.8; no longer enables
3587 <application>sendmail</application> for inbound SMTP
3588 connections. Note that &man.sysinstall.8; may override this
3589 default for a binary installation, based on what security
3590 profile is selected. This functionality can also be
3591 manually enabled by adding the following line to
3592 <filename>/etc/rc.conf</filename>:</para>
3593
3594 <programlisting>sendmail_enable="YES"</programlisting>
3595
3596 <para>The permissions for <application>sendmail</application>
3597 alias and map databases built via
3598 <filename>/etc/mail/Makefile</filename> now default to mode
3599 0640 to protect against a file locking local denial of service.
3600 It can be changed by setting the new
3601 <varname>SENDMAIL_MAP_PERMS</varname>
3602 <filename>make.conf</filename> option. &merged;</para>
3603
3604 <para>The permissions for the <application>sendmail</application>
3605 statistics file, <filename>/var/log/sendmail.st</filename>, have
3606 been changed from mode 0644 to mode 0640 to protect against
3607 a file locking local denial of service. &merged;</para>
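Review bot: the two permissions paragraphs at lines 3596-3607 both end with &merged; but neither <para> carries role="historic", which is inconsistent with the rest of the sendmail section. Also, "It can be changed" at line 3600 has a plural antecedent (the permissions), so "They can be changed" or "The mode can be changed" would read better.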
3608
3609 </sect4>
3610 </sect3>
3611
3612 <sect3>
3613 <title>Ports/Packages Collection Infrastructure</title>
3614
3615 <para><application>BSDPAN</application>, a collection of modules
3616 that provides tighter integration of
3617 <application>Perl</application> into the &os; Ports
3618 Collection, has been added.</para>
3619
3620 <para role="historic">&man.pkg.create.1; and &man.pkg.add.1; can now work with
3621 packages that have been compressed using
3622 &man.bzip2.1;. &man.pkg.add.1; will use the PACKAGEROOT
3623 environment variable to determine a mirror site for new
3624 packages. &merged;</para>
3625
3626 <para role="historic">&man.pkg.create.1; now records dependencies in dependency
3627 order rather than in the order specified on the command line.
3628 This improves the functioning of <command>pkg_add
3629 -r</command>. &merged;</para>
3630
3631 <para role="historic">&man.pkg.create.1; now supports a <option>-b</option> to
3632 create a package file from a locally-installed
3633 package. &merged;</para>
3634
3635 <para role="historic">When requested to delete multiple packages,
3636 &man.pkg.delete.1; will now attempt to remove them in
3637 dependency order rather than the order specified on the
3638 command line. &merged;</para>
3639
3640 <para role="historic">&man.pkg.delete.1; now can perform glob/regexp matching of
3641 package names. In addition, it supports a <option>-a</option>
3642 option for removing all packages and a <option>-i</option>
3643 option for &man.rm.1;-style interactive
3644 confirmation. &merged;</para>
3645
3646 <para role="historic">&man.pkg.delete.1; now supports a <option>-r</option>
3647 option for recursive package removal. &merged;</para>
3648
3649 <para role="historic">&man.pkg.info.1; now supports globbing against names of
3650 installed packages. The <option>-G</option> option disables
3651 this behavior, and the <option>-x</option> option causes
3652 regular expression matching instead of shell
3653 globbing. &merged;</para>
3654
3655 <para role="historic">&man.pkg.info.1; can now accept a <option>-g</option> flag
3656 for verifying an installed package against its recorded
3657 checksums (to see if it's been modified post-installation).
3658 Naturally, this mechanism is only as secure as the contents of
3659 <filename>/var/db/pkg</filename> if it's to be used for auditing
3660 purposes. &merged;</para>
3661
3662 <para role="historic">&man.pkg.sign.1; and &man.pkg.check.1; have been added to
3663 digitally sign and verify the signatures on binary package
3664 files. &merged;</para>
3665
3666 <para>For some time, &os; 5.0-CURRENT (as well as some 4.X
3667 releases) included a pkg_update(1) utility to update installed
3668 packages, as well as their dependencies. This utility has
3669 been removed; a superset of its functionality can be found in
3670 the <filename role="package">sysutils/portupgrade</filename>
3671 port.</para>
3672
3673 <para role="historic">&man.pkg.version.1; now has a version number comparison
3674 routine that corresponds to the Porters Handbook. It also has
3675 a <option>-t</option> option for testing address comparisons.
3676 &merged;</para>
3677
3678 <para role="historic">&man.pkg.version.1; now takes a <option>-s</option> flag
3679 to limit its operation to ports/packages matching a given
3680 string. &merged;</para>
3681
3682 <para role="historic">Version numbers of installed packages have a new
3683 (backward-compatible) syntax, which supports the
3684 <varname>PORTREVISION</varname> and
3685 <varname>PORTEPOCH</varname> variables in Ports Collection
3686 <filename>Makefile</filename>s. These changes help keep track
3687 of changes in the ports collection entries such as security
3688 patches or &os;-specific updates, which aren't reflected in
3689 the original, third-party software distributions.
3690 &man.pkg.version.1; can now compare these new-style version
3691 numbers. &merged;</para>
3692
3693 <para role="historic">To improve performance and disk utilization, the
3694 <quote>ports skeletons</quote> in the &os; Ports Collection
3695 have been restructured. Installed ports and packages should
3696 not be affected. &merged;</para>
3697
3698 <para role="historic">All packages and ports now contain an
3699 <quote>origin</quote> directive, which makes it easier for
3700 programs such as &man.pkg.version.1; to determine the
3701 directory from which a package was built. &merged;</para>
3702
3703 <para role="historic">The Ports Collection infrastructure now uses
3704 <application>XFree86</application> 4.2.0 as the default version
3705 of the X Window System for the purposes of satisfying
3706 dependencies. To return to using
3707 <application>XFree86</application> 3.3.6, add the following line
3708 to <filename>/etc/make.conf</filename>: &merged;</para>
3709
3710 <programlisting role="historic">XFREE86_VERSION=3</programlisting>
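Review bot: &merged; at line 3708 sits after the colon that introduces the <programlisting>, so the merge marker will render between the lead-in and the example line. Move it to the end of the preceding sentence (after "satisfying dependencies." at line 3706) so that "add the following line to <filename>/etc/make.conf</filename>:" is followed directly by the listing.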
3711
3712 <para>The libraries installed by the <filename
3713 role="package">emulators/linux_base</filename> port (required
3714 for Linux emulation) have been updated; they now correspond to
3715 those included with <application>Red Hat Linux</application>
3716 7.1.</para>
3717 </sect3>
3718 </sect2>
3719
3720 <sect2>
3721 <title>Release Engineering and Integration</title>
3722
3723 <para>The <filename>bin</filename> distribution has been renamed
3724 <filename>base</filename>, in order to make creation of combined
3725 install/recovery disks easier.</para>
3726
3727 <para arch="i386">ISO images and CDROMs now use the
3728 <filename>cdboot</filename> boot loader by default. This
3729 eliminates the need for an emulated floppy disk image on
3730 a bootable CDROM and allows for a full
3731 <filename>GENERIC</filename> kernel to be used for CDROM
3732 installations, at the expense of compatability with some old
3733 BIOSs.</para>
3734
3735 <para arch="i386,pc98,alpha" role="historic"><application>XFree86</application> 4.2.0
3736 is now the default version of the X Window System supported by
3737 &man.sysinstall.8;. It installs
3738 <application>XFree86</application> as a set of standard binary
3739 packages, so the usual package utilities such as
3740 &man.pkg.info.1; can be used to examine/manipulate its
3741 components. &merged;</para>
3742
3743 <para>It is now possible to make releases of &os;
3744 &release.current; on a &os; 4-STABLE host. Cross-architecture
3745 (building a release for a target architecture on a host of a
3746 different architecture) releases are also possible. See
3747 &man.release.7; for details.</para>
3748
3749 </sect2>
3750</sect1>
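Review bot: "compatability" on line 3732, in the cdboot paragraph of the Release Engineering and Integration section, is misspelled and should read "compatibility". While that paragraph is being touched, "old BIOSs" on lines 3732-3733 could become "older BIOSes", since this sentence is the one that tells i386 users their machine may not boot the new CDROM images.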
3751
3752<sect1>
3753 <title>Upgrading from previous releases of &os;</title>
3754
3755 <para>If you're upgrading from a previous release of &os;, you
3756 generally will have three options:
3757
3758 <itemizedlist>
3759 <listitem>
3760 <para>Using the binary upgrade option of &man.sysinstall.8;.
3761 This option is perhaps the quickest, although it presumes
3762 that your installation of &os; uses no special compilation
3763 options.</para>
3764 </listitem>
3765 <listitem>
3766 <para>Performing a complete reinstall of &os;. Technically,
3767 this is not an upgrading method, and in any case is usually less
3768 convenient than a binary upgrade, in that it requires you to
3769 manually backup and restore the contents of
3770 <filename>/etc</filename>. However, it may be useful in
3771 cases where you want (or need) to change the partitioning of
3772 your disks.
3773 </listitem>
3774 <listitem>
3775 <para>From source code in <filename>/usr/src</filename>. This
3776 route is more flexible, but requires more disk space, time,
3777 and more technical expertise. Upgrading from very old
3778 versions of &os; may be problematic; in cases like this, it
3779 is usually more effective to perform a binary upgrade or a
3780 complete reinstall.</para>
3781 </listitem>
3782 </itemizedlist>
3783 </para>
3784
3785 <para>Please read the <filename>INSTALL.TXT</filename> file for more
3786 information, preferably <emphasis>before</emphasis> beginning an
3787 upgrade. If you are upgrading from source, please be sure to read
3788 <filename>/usr/src/UPDATING</filename> as well.</para>
3789
3790 <para>Finally, if you want to use one of various means to track the
3791 -STABLE or -CURRENT branches of &os;, please be sure to consult
3792 the <ulink
3793 url="http://www.FreeBSD.org/handbook/current-stable.html"><quote>-CURRENT
3794 vs. -STABLE</quote></ulink> section of the <ulink
3795 url="http://www.FreeBSD.org/handbook/">FreeBSD
3796 Handbook</ulink>.</para>
3797
3798 <important>
3799 <para>Upgrading &os; should, of course, only be attempted after
3800 backing up <emphasis>all</emphasis> data and configuration
3801 files.</para>
3802 </important>
3803</sect1>
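Review bot: the second listitem of the upgrade options list (lines 3765-3773, "Performing a complete reinstall of &os;") opens a <para> on line 3766 but never closes it before </listitem> on line 3773, while the first and third items both close theirs. Add </para> after "your disks." on line 3772 so the three items are consistent. The page labels the file article.xml, and an unclosed element is not well-formed if the file is ever parsed as XML.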